PatchSiren

MantisBT CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM MantisBT CVE published 2017-02-17

CVE-2016-7111

CVE-2016-7111 covers a cross-site scripting issue in MantisBT caused by a weakened Content Security Policy when the Gravatar plugin is enabled. NVD classifies it as CWE-79: the attack surface is network-reachable, user interaction is required, and the confidentiality and integrity impact is rated low.

MEDIUM MantisBT CVE published 2017-02-17

CVE-2016-5364

CVE-2016-5364 is a cross-site scripting flaw in MantisBT's manage_custom_field_edit_page.php. NVD lists affected versions through 1.2.19; the issue is reachable over the network with no privileges required, but it does require user interaction. The published CVSS v3.0 vector is AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N, which is consistent with a medium-severity web injection issue.