An XSS issue was discovered in browser_search_plugin.php in MantisBT before 2.25.2. Unescaped output of the return parameter allows an attacker to inject code into a hidden input field.

An XSS issue was discovered in browser_search_plugin.php in MantisBT b ...

MantisBT vulnerable to XSS via unescaped output in browser_search_plugin.php