Cross-site scripting (XSS) vulnerability in manage_proj_cat_add.php in MantisBT 1.2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the name parameter in an Add Category action. Per: http://secunia.com/secunia_research/2010-103/
"Successful exploitation requires "manager" permissions."
Publication date: Tue, 10 Aug 2010 17:23:00 +0000