A cross-site scripting vulnerability exists in the Filter API component of Mantis Bug Tracker. The vulnerability is due to insufficient input validation on the view_type parameter in view_all_bug_page.php. A remote attacker could exploit this vulnerability by enticing authenticated users to click on a crafted link. Successful exploitation could allow the attacker to execute malicious script code in the context of the victim’s browser.