Mantis 1.0.0rc3 does not properly handle "Make note private" when a bug is being resolved, which has unknown impact and attack vectors, probably related to an information leak.
Several security-related problems have been discovered in Mantis, a
web-based bug tracking system. The Common Vulnerabilities and
Exposures project identifies the following problems:
CVE-2005-4238
Missing input sanitising allows remote attackers to inject
arbitrary web script or HTML.
CVE-2005-4518
Tobias Klein discovered that Mantis a ...