Is the problem always occurring with the same specific file or file type ?
Do you see errors in the browser's console or in the server's log ?
What is happening with the dropzone.js AJAX request when the problem occurs (status code, response)?
Can you provide the complete HTML code that appears on screen in your video.

Actually I just noticed that you scrolled down 6-7 seconds into your video, and captured a screenshot which allowed me to identify the error message I was looking for:

APPLICATION ERROR 27: You have reached the allowed activity limit of 10 events within the last 3600 seconds; your action has been blocked to avoid spam, please try again later

So the problem is caused by MantisBT's antispam settings, which are possibly too low to accommodate your user's activity. As a workaround I suggest you adjust those as appropriate ($g_antispam_max_event_count, $g_antispam_time_window_in_seconds) or wait until the antispam delay expires and try again.

That being said, I would expect the AJAX to fail gracefully in such case, and not display HTML code on the screen.

PR https://github.com/mantisbt/mantisbt/pull/2150

@atrol why did you change the target version, it was correct

~/dev/mantisbt/mantis$ git describe --contains 0faf5a5c
release-2.27.2~11^2~1

@dregad "Fixed in Version" was set to 2.28.0, but "Target Version" was set to 2.27.2.
That was confusing to me, especially as "Status" was set to "Closed" and the issue was visible in "Changelog" of non-released version 2.28.0.
I checked that the PR was merged to master, so thought that the issue can't be targetted to 2.27.2.

Ah yes that makes sense now. It's because I had the wrong target branch on the PR when I merged it, then I made a second merge to master-2.27 but did not realize that source integration did not pick that up and changed the fixed in version. My mistake, thanks for noticing.