Multiple cross-site scripting (XSS) vulnerabilities in core/summary_api.php in MantisBT 1.2.12 allow remote authenticated users with manager or administrator permissions to inject arbitrary web. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. No vendor patch available.
XSS
PHP
Mantisbt
NVD
CVSS 2.0
2.1
EPSS
0.2%