A cross-site scripting (XSS) flaw was found in the way MantisBT, a web-based issue tracking system, sanitized the project name when displaying the project list for a particular filter. A remote attacker could provide a specially-crafted URL that, when visited, would lead to arbitrary HTML or web script execution in the context of the MantisBT user's session.
 http://github.com/mantisbt/mantisbt/commit/c61dc631b4c37547a25e1306ed90aa09e9e1b837 (against 1.2.x branch)
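The class of flaw described above, shown as an added example in PHP (the language MantisBT is written in). This is not MantisBT's code or the upstream patch; the function names and the sample project names are constructed for illustration.

```php
<?php
// Added illustration, not MantisBT code. All function names are hypothetical.

// Constructed sample data: project names as they might reach the page template.
$projects = [1 => 'Website', 2 => 'R&D "internal"', 3 => '<script>alert(1)</script>'];

// Vulnerable pattern: the name is concatenated into markup without encoding.
function render_project_list_unsafe(array $projects): string
{
    $html = "<ul>\n";
    foreach ($projects as $id => $name) {
        $html .= '<li title="' . $name . '">' . $name . "</li>\n";
    }
    return $html . "</ul>\n";
}

// Hardened pattern: encode at output time, for both attribute and element context.
function render_project_list_safe(array $projects): string
{
    $html = "<ul>\n";
    foreach ($projects as $id => $name) {
        // ENT_QUOTES covers quoted attributes; ENT_SUBSTITUTE avoids an empty
        // result when the name contains invalid UTF-8.
        $enc = htmlspecialchars((string) $name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $html .= '<li data-id="' . (int) $id . '" title="' . $enc . '">' . $enc . "</li>\n";
    }
    return $html . "</ul>\n";
}

// Regression check: list every opening tag in the output that the renderer
// itself does not emit. Anything returned here came from a project name.
function unexpected_tags(string $html): array
{
    preg_match_all('/<\s*([a-z][a-z0-9]*)/i', $html, $m);
    $seen = array_unique(array_map('strtolower', $m[1]));
    return array_values(array_diff($seen, ['ul', 'li']));
}

foreach (['render_project_list_unsafe', 'render_project_list_safe'] as $fn) {
    echo $fn, ': ', json_encode(unexpected_tags($fn($projects))), PHP_EOL;
}
```

A check like `unexpected_tags()` can run in a test suite against any view that prints user-controlled names, so a later change that drops the encoding is caught before release.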
This issue did NOT affect the versions of the mantis package shipped with Fedora releases 17 and 18 and with Fedora EPEL-5 (the former two already contain the upstream fix; the latter was not vulnerable to the problem).
The CVE identifier CVE-2013-1932 has been assigned to this issue: