Common Weakness Enumeration

CWE-94

Allowed-with-Review

Improper Control of Generation of Code ('Code Injection')

Abstraction: Base · Status: Draft

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

8301 vulnerabilities reference this CWE, most recent first.

CVE-2026-10234 (GCVE-0-2026-10234)

Vulnerability from cvelistv5 – Published: 2026-06-01 07:00 – Updated: 2026-06-02 13:44
VLAI
Title
Mettle sendportal Campaign webview cross site scripting
Summary
A vulnerability was detected in Mettle sendportal up to 3.0.1. This affects an unknown part of the file /webview/ of the component Campaign Handler. The manipulation of the argument content results in cross site scripting. The attack can be launched remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
URL Tags
https://vuldb.com/vuln/367513 vdb-entrytechnical-description
https://vuldb.com/vuln/367513/cti signaturepermissions-required
https://vuldb.com/cve/CVE-2026-10234 third-party-advisory
https://vuldb.com/submit/822923 third-party-advisory
https://vuldb.com/submit/825494 third-party-advisory
https://github.com/mettle/sendportal/issues/338 exploitissue-tracking
https://github.com/mettle/sendportal/ product
Impacted products
Vendor Product Version
Mettle sendportal Affected: 3.0.0
Affected: 3.0.1
    cpe:2.3:a:mettle:sendportal:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Kabilan D B1scuit (VulDB User) Superman_04 (VulDB User) VulDB CNA Team
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-10234",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-01T13:25:43.249131Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-01T13:25:52.722Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:mettle:sendportal:*:*:*:*:*:*:*:*"
          ],
          "modules": [
            "Campaign Handler"
          ],
          "product": "sendportal",
          "vendor": "Mettle",
          "versions": [
            {
              "status": "affected",
              "version": "3.0.0"
            },
            {
              "status": "affected",
              "version": "3.0.1"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Kabilan D"
        },
        {
          "lang": "en",
          "type": "reporter",
          "value": "B1scuit (VulDB User)"
        },
        {
          "lang": "en",
          "type": "analyst",
          "value": "Superman_04 (VulDB User)"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "VulDB CNA Team"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was detected in Mettle sendportal up to 3.0.1. This affects an unknown part of the file /webview/ of the component Campaign Handler. The manipulation of the argument content results in cross site scripting. The attack can be launched remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 4,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "Cross Site Scripting",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "Code Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-02T13:44:11.395Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-367513 | Mettle sendportal Campaign webview cross site scripting",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/vuln/367513"
        },
        {
          "name": "VDB-367513 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/vuln/367513/cti"
        },
        {
          "name": "CVE-2026-10234 | CVE Analysis and Report",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/cve/CVE-2026-10234"
        },
        {
          "name": "Submit #822923 | Mettle sendportal v3.0.1 Cross Site Scripting",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/submit/822923"
        },
        {
          "name": "Submit #825494 | mettle sendportal 3.0.1 Cross Site Scripting (Duplicate)",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/submit/825494"
        },
        {
          "tags": [
            "exploit",
            "issue-tracking"
          ],
          "url": "https://github.com/mettle/sendportal/issues/338"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://github.com/mettle/sendportal/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-05-02T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2026-05-31T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-06-02T15:46:07.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Mettle sendportal Campaign webview cross site scripting"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2026-10234",
    "datePublished": "2026-06-01T07:00:11.419Z",
    "dateReserved": "2026-05-31T08:14:20.891Z",
    "dateUpdated": "2026-06-02T13:44:11.395Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-10228 (GCVE-0-2026-10228)

Vulnerability from cvelistv5 – Published: 2026-06-01 05:30 – Updated: 2026-06-01 13:15
VLAI
Title
raisulislamg4 student_management_system_by_php admission_form_check.php cross site scripting
Summary
A vulnerability was found in raisulislamg4 student_management_system_by_php up to 310d950e09013d5133c6b9210aff9444382d16d1. The impacted element is an unknown function of the file admission_form_check.php. The manipulation of the argument Message results in cross site scripting. The attack can be executed remotely. The exploit has been made public and could be used. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The project was informed of the problem early through an issue report but has not responded yet.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Vendor Product Version
raisulislamg4 student_management_system_by_php Affected: 310d950e09013d5133c6b9210aff9444382d16d1
    cpe:2.3:a:raisulislamg4:student_management_system_by_php:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
roxci (VulDB User) VulDB CNA Team
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-10228",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-01T13:15:31.005031Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-01T13:15:40.216Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:raisulislamg4:student_management_system_by_php:*:*:*:*:*:*:*:*"
          ],
          "product": "student_management_system_by_php",
          "vendor": "raisulislamg4",
          "versions": [
            {
              "status": "affected",
              "version": "310d950e09013d5133c6b9210aff9444382d16d1"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "roxci (VulDB User)"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "VulDB CNA Team"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in raisulislamg4 student_management_system_by_php up to 310d950e09013d5133c6b9210aff9444382d16d1. The impacted element is an unknown function of the file admission_form_check.php. The manipulation of the argument Message results in cross site scripting. The attack can be executed remotely. The exploit has been made public and could be used. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The project was informed of the problem early through an issue report but has not responded yet."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 4,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "Cross Site Scripting",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "Code Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-01T05:30:08.542Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-367507 | raisulislamg4 student_management_system_by_php admission_form_check.php cross site scripting",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/vuln/367507"
        },
        {
          "name": "VDB-367507 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/vuln/367507/cti"
        },
        {
          "name": "CVE-2026-10228 | CVE Analysis and Report",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/cve/CVE-2026-10228"
        },
        {
          "name": "Submit #822848 | raisulislamg4 student_management_system_by_php 1.0 Stored Cross-Site Scripting",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/submit/822848"
        },
        {
          "tags": [
            "exploit",
            "issue-tracking"
          ],
          "url": "https://github.com/raisulislamg4/student_management_system_by_php/issues/5"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://github.com/raisulislamg4/student_management_system_by_php/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-05-31T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2026-05-31T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-05-31T10:04:07.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "raisulislamg4 student_management_system_by_php admission_form_check.php cross site scripting"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2026-10228",
    "datePublished": "2026-06-01T05:30:08.542Z",
    "dateReserved": "2026-05-31T07:58:54.579Z",
    "dateUpdated": "2026-06-01T13:15:40.216Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-10175 (GCVE-0-2026-10175)

Vulnerability from cvelistv5 – Published: 2026-05-31 08:45 – Updated: 2026-06-02 14:43
VLAI
Title
Aider-AI Aider Architect Mode auth.py editor_coder.run code injection
Summary
A security flaw has been discovered in Aider-AI Aider 0.86.3. Affected by this vulnerability is the function editor_coder.run of the file auth.py of the component Architect Mode. Performing a manipulation results in code injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
URL Tags
https://vuldb.com/vuln/367456 vdb-entrytechnical-description
https://vuldb.com/vuln/367456/cti signaturepermissions-required
https://vuldb.com/cve/CVE-2026-10175 third-party-advisory
https://vuldb.com/submit/819909 third-party-advisory
https://github.com/Aider-AI/aider/issues/5058 exploitissue-tracking
https://github.com/Aider-AI/aider/ product
Impacted products
Vendor Product Version
Aider-AI Aider Affected: 0.86.3
    cpe:2.3:a:aider-ai:aider:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
tchen200311 (VulDB User) VulDB CNA Team
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-10175",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-02T14:43:33.177520Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-02T14:43:56.935Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:aider-ai:aider:*:*:*:*:*:*:*:*"
          ],
          "modules": [
            "Architect Mode"
          ],
          "product": "Aider",
          "vendor": "Aider-AI",
          "versions": [
            {
              "status": "affected",
              "version": "0.86.3"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "tchen200311 (VulDB User)"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "VulDB CNA Team"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A security flaw has been discovered in Aider-AI Aider 0.86.3. Affected by this vulnerability is the function editor_coder.run of the file auth.py of the component Architect Mode. Performing a manipulation results in code injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 6.5,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "Code Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-74",
              "description": "Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-31T08:45:07.461Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-367456 | Aider-AI Aider Architect Mode auth.py editor_coder.run code injection",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/vuln/367456"
        },
        {
          "name": "VDB-367456 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/vuln/367456/cti"
        },
        {
          "name": "CVE-2026-10175 | CVE Analysis and Report",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/cve/CVE-2026-10175"
        },
        {
          "name": "Submit #819909 | paul-gauthier aider 0.86.3 Code Injection",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/submit/819909"
        },
        {
          "tags": [
            "exploit",
            "issue-tracking"
          ],
          "url": "https://github.com/Aider-AI/aider/issues/5058"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://github.com/Aider-AI/aider/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-05-30T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2026-05-30T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-05-30T18:26:50.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Aider-AI Aider Architect Mode auth.py editor_coder.run code injection"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2026-10175",
    "datePublished": "2026-05-31T08:45:07.461Z",
    "dateReserved": "2026-05-30T16:21:40.551Z",
    "dateUpdated": "2026-06-02T14:43:56.935Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-10173 (GCVE-0-2026-10173)

Vulnerability from cvelistv5 – Published: 2026-05-31 07:00 – Updated: 2026-06-01 15:24 X_Open Source
VLAI
Title
Orthanc Explorer 2 URL StudyList.vue cross site scripting
Summary
A weakness has been identified in Orthanc Explorer 2 up to 1.12.0. The impacted element is an unknown function of the file WebApplication/src/components/StudyList.vue of the component URL Handler. This manipulation of the argument remote-source causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. Patch name: 21f78ce5da668bf5233efcd1896ec7c6e3b22eae. Applying a patch is the recommended action to fix this issue.
SSVC
Exploitation: poc Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Vendor Product Version
Orthanc Explorer 2 Affected: 1.0
Affected: 1.1
Affected: 1.2
Affected: 1.3
Affected: 1.4
Affected: 1.5
Affected: 1.6
Affected: 1.7
Affected: 1.8
Affected: 1.9
Affected: 1.10
Affected: 1.11
Affected: 1.12.0
    cpe:2.3:a:orthanc:explorer_2:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
dapickle (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-10173",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-01T15:17:31.968853Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-01T15:24:36.884Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:orthanc:explorer_2:*:*:*:*:*:*:*:*"
          ],
          "modules": [
            "URL Handler"
          ],
          "product": "Explorer 2",
          "vendor": "Orthanc",
          "versions": [
            {
              "status": "affected",
              "version": "1.0"
            },
            {
              "status": "affected",
              "version": "1.1"
            },
            {
              "status": "affected",
              "version": "1.2"
            },
            {
              "status": "affected",
              "version": "1.3"
            },
            {
              "status": "affected",
              "version": "1.4"
            },
            {
              "status": "affected",
              "version": "1.5"
            },
            {
              "status": "affected",
              "version": "1.6"
            },
            {
              "status": "affected",
              "version": "1.7"
            },
            {
              "status": "affected",
              "version": "1.8"
            },
            {
              "status": "affected",
              "version": "1.9"
            },
            {
              "status": "affected",
              "version": "1.10"
            },
            {
              "status": "affected",
              "version": "1.11"
            },
            {
              "status": "affected",
              "version": "1.12.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "dapickle (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A weakness has been identified in Orthanc Explorer 2 up to 1.12.0. The impacted element is an unknown function of the file WebApplication/src/components/StudyList.vue of the component URL Handler. This manipulation of the argument remote-source causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. Patch name: 21f78ce5da668bf5233efcd1896ec7c6e3b22eae. Applying a patch is the recommended action to fix this issue."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 5,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "Cross Site Scripting",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "Code Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-31T07:00:12.012Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-367430 | Orthanc Explorer 2 URL StudyList.vue cross site scripting",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/vuln/367430"
        },
        {
          "name": "VDB-367430 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/vuln/367430/cti"
        },
        {
          "name": "CVE-2026-10173 | CVE Analysis and Report",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/cve/CVE-2026-10173"
        },
        {
          "name": "Submit #819559 | orthanc orthanc-server/orthanc-explorer-2 \u003c = 1.12.0  Cross Site Scripting",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/submit/819559"
        },
        {
          "tags": [
            "exploit",
            "issue-tracking"
          ],
          "url": "https://github.com/orthanc-server/orthanc-explorer-2/issues/108"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/rafaelsouzars/orthanc-explorer-2/commit/21f78ce5da668bf5233efcd1896ec7c6e3b22eae"
        }
      ],
      "tags": [
        "x_open-source"
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-05-30T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2026-05-30T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-05-30T13:13:36.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Orthanc Explorer 2 URL StudyList.vue cross site scripting"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2026-10173",
    "datePublished": "2026-05-31T07:00:12.012Z",
    "dateReserved": "2026-05-30T11:08:33.360Z",
    "dateUpdated": "2026-06-01T15:24:36.884Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-10153 (GCVE-0-2026-10153)

Vulnerability from cvelistv5 – Published: 2026-05-30 21:00 – Updated: 2026-06-01 13:46
VLAI
Title
westboy CicadasCMS AbstractCacheManager.java search cross site scripting
Summary
A flaw has been found in westboy CicadasCMS up to 2431154dac8d0735e04f1fd2a3c3556668fc8dab. Impacted is the function Search of the file org/springframework/cache/support/AbstractCacheManager.java. This manipulation of the argument s causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been published and may be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The project was informed of the problem early through an issue report but has not responded yet.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
URL Tags
https://vuldb.com/vuln/367406 vdb-entrytechnical-description
https://vuldb.com/vuln/367406/cti signaturepermissions-required
https://vuldb.com/submit/818792 third-party-advisory
https://gitee.com/westboy/CicadasCMS/issues/IJKWOH exploitissue-tracking
https://gitee.com/westboy/CicadasCMS/ product
Impacted products
Vendor Product Version
westboy CicadasCMS Affected: 2431154dac8d0735e04f1fd2a3c3556668fc8dab
    cpe:2.3:a:westboy:cicadascms:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
DaytimeHeaven (VulDB User) VulDB CNA Team
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-10153",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-01T13:46:31.540075Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-01T13:46:49.313Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:westboy:cicadascms:*:*:*:*:*:*:*:*"
          ],
          "product": "CicadasCMS",
          "vendor": "westboy",
          "versions": [
            {
              "status": "affected",
              "version": "2431154dac8d0735e04f1fd2a3c3556668fc8dab"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "DaytimeHeaven (VulDB User)"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "VulDB CNA Team"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw has been found in westboy CicadasCMS up to 2431154dac8d0735e04f1fd2a3c3556668fc8dab. Impacted is the function Search of the file org/springframework/cache/support/AbstractCacheManager.java. This manipulation of the argument s causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been published and may be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The project was informed of the problem early through an issue report but has not responded yet."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 5,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "Cross Site Scripting",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "Code Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-30T21:00:20.910Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-367406 | westboy CicadasCMS AbstractCacheManager.java search cross site scripting",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/vuln/367406"
        },
        {
          "name": "VDB-367406 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/vuln/367406/cti"
        },
        {
          "name": "Submit #818792 | https://gitee.com/westboy/CicadasCMS CicadasCMS v1.0 Cross-Site Request Forgery",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/submit/818792"
        },
        {
          "tags": [
            "exploit",
            "issue-tracking"
          ],
          "url": "https://gitee.com/westboy/CicadasCMS/issues/IJKWOH"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://gitee.com/westboy/CicadasCMS/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-05-30T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2026-05-30T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-05-30T08:00:29.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "westboy CicadasCMS AbstractCacheManager.java search cross site scripting"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2026-10153",
    "datePublished": "2026-05-30T21:00:20.910Z",
    "dateReserved": "2026-05-30T05:49:54.641Z",
    "dateUpdated": "2026-06-01T13:46:49.313Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-10134 (GCVE-0-2026-10134)

Vulnerability from cvelistv5 – Published: 2026-06-30 19:56 – Updated: 2026-07-01 17:27
VLAI
Title
Unauthenticated Server-Side RCE via PythonCodeStructuredTool in Public Flows
Summary
IBM Langflow OSS 1.0.0 through 1.9.3 allows an attacker to read every secret available to the Langflow process, read and modify every flow, conversation, message, file upload, and saved component in the Langflow database, can connect to internal services, abuse cloud metadata endpoints, laterally move to other tenants on the same Langflow instance, and Establish persistence by modifying the public flow's `tool_code` so normal `/api/v1/build/...` calls by any user re-execute attacker code at each build.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
ibm
References
URL Tags
https://www.ibm.com/support/pages/node/7277559 vendor-advisorypatch
Impacted products
Vendor Product Version
IBM Langflow OSS Affected: 1.0.0 , ≤ 1.9.3 (semver)
    cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:langflow_oss:1.9.3:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-10134",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-01T03:56:03.770824Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-01T17:27:28.738Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:langflow_oss:1.9.3:*:*:*:*:*:*:*"
          ],
          "product": "Langflow OSS",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "1.9.3",
              "status": "affected",
              "version": "1.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIBM Langflow OSS 1.0.0 through 1.9.3 allows an attacker to read every secret available to the Langflow process, read and modify every flow, conversation, message, file upload, and saved component in the Langflow database, can connect to internal services, abuse cloud metadata endpoints, laterally move to other tenants on the same Langflow instance, and Establish persistence by modifying the public flow\u0027s `tool_code` so normal `/api/v1/build/...` calls by any user re-execute attacker code at each build.\u003c/p\u003e"
            }
          ],
          "value": "IBM Langflow OSS 1.0.0 through 1.9.3 allows an attacker to read every secret available to the Langflow process, read and modify every flow, conversation, message, file upload, and saved component in the Langflow database, can connect to internal services, abuse cloud metadata endpoints, laterally move to other tenants on the same Langflow instance, and Establish persistence by modifying the public flow\u0027s `tool_code` so normal `/api/v1/build/...` calls by any user re-execute attacker code at each build."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-30T19:56:52.069Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://www.ibm.com/support/pages/node/7277559"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by upgrading \u003ca href=\"https://pypi.org/project/langflow/\" rel=\"nofollow\"\u003eLangflow OSS to version 1.10.0\u003c/a\u003e\u003c/p\u003e"
            }
          ],
          "value": "IBM strongly recommends addressing the vulnerability now by upgrading  Langflow OSS to version 1.10.0 https://pypi.org/project/langflow/"
        }
      ],
      "title": "Unauthenticated Server-Side RCE via PythonCodeStructuredTool in Public Flows",
      "x_generator": {
        "engine": "ibm-cvegen"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2026-10134",
    "datePublished": "2026-06-30T19:56:52.069Z",
    "dateReserved": "2026-05-29T18:38:25.306Z",
    "dateUpdated": "2026-07-01T17:27:28.738Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-10112 (GCVE-0-2026-10112)

Vulnerability from cvelistv5 – Published: 2026-05-30 08:00 – Updated: 2026-06-01 15:25
VLAI
Title
sambitraj STUDENT-MANAGEMENT-SYSTEM Dashboard cross site scripting
Summary
A vulnerability has been found in sambitraj STUDENT-MANAGEMENT-SYSTEM 1.0. Affected is an unknown function of the component Dashboard Page. The manipulation of the argument Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Vendor Product Version
sambitraj STUDENT-MANAGEMENT-SYSTEM Affected: 1.0
    cpe:2.3:a:sambitraj:student-management-system:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Yuki-U (VulDB User) VulDB CNA Team
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-10112",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-01T15:15:10.406787Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-01T15:25:40.794Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:sambitraj:student-management-system:*:*:*:*:*:*:*:*"
          ],
          "modules": [
            "Dashboard Page"
          ],
          "product": "STUDENT-MANAGEMENT-SYSTEM",
          "vendor": "sambitraj",
          "versions": [
            {
              "status": "affected",
              "version": "1.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Yuki-U (VulDB User)"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "VulDB CNA Team"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been found in sambitraj STUDENT-MANAGEMENT-SYSTEM 1.0. Affected is an unknown function of the component Dashboard Page. The manipulation of the argument Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 2.4,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 2.4,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 3.3,
            "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "Cross Site Scripting",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "Code Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-30T08:00:11.886Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-367290 | sambitraj STUDENT-MANAGEMENT-SYSTEM Dashboard cross site scripting",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/vuln/367290"
        },
        {
          "name": "VDB-367290 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/vuln/367290/cti"
        },
        {
          "name": "Submit #818540 | sambitraj STUDENT-MANAGEMENT-SYSTEM 1.0 Stored Cross-Site Scripting",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/submit/818540"
        },
        {
          "tags": [
            "exploit",
            "issue-tracking"
          ],
          "url": "https://github.com/sambitraj/STUDENT-MANAGEMENT-SYSTEM/issues/3"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://github.com/sambitraj/STUDENT-MANAGEMENT-SYSTEM/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-05-29T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2026-05-29T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-05-29T19:11:57.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "sambitraj STUDENT-MANAGEMENT-SYSTEM Dashboard cross site scripting"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2026-10112",
    "datePublished": "2026-05-30T08:00:11.886Z",
    "dateReserved": "2026-05-29T17:06:50.277Z",
    "dateUpdated": "2026-06-01T15:25:40.794Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-10109 (GCVE-0-2026-10109)

Vulnerability from cvelistv5 – Published: 2026-06-30 20:02 – Updated: 2026-07-01 17:27
VLAI
Title
IBM® Db2® is vulnerable to remote code execution due to improper pre-auth DRDA handshake handling
Summary
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to remote code execution due to improper pre-auth DRDA handshake handling.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
ibm
References
URL Tags
https://www.ibm.com/support/pages/node/7277424 vendor-advisorypatch
Impacted products
Vendor Product Version
IBM Db2 Affected: 11.5.0 , ≤ 11.5.9 (semver)
Affected: 12.1.0 , ≤ 12.1.4 (semver)
    cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:12.1.4:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-10109",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-01T03:56:04.853789Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-01T17:27:00.915Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:db2:12.1.4:*:*:*:*:*:*:*"
          ],
          "product": "Db2",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "11.5.9",
              "status": "affected",
              "version": "11.5.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "12.1.4",
              "status": "affected",
              "version": "12.1.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to remote code execution due to improper pre-auth DRDA handshake handling.\u003c/p\u003e"
            }
          ],
          "value": "IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to remote code execution due to improper pre-auth DRDA handshake handling."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-30T20:02:13.026Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://www.ibm.com/support/pages/node/7277424"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eCustomers running any vulnerable affected level of an affected Program, V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release:V11.5.9, and V12.1.4. They can be applied to any affected level of the appropriate release to remediate this vulnerability.\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eRelease\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eFixed in mod pack\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eAPAR\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eDownload URL\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eV11.5\u003c/td\u003e\u003ctd\u003eTBD\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ000000ECKf/dt471718\" rel=\"nofollow\"\u003eDT471718\u003c/a\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eSpecial Build #84653 or later for V11.5.9 available at this link:\u003cbr/\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7087189\" rel=\"noopener noreferrer nofollow\"\u003ehttps://www.ibm.com/support/pages/node/7087189\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eV12.1\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eTBD\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ000000ECKf/dt471718\" rel=\"nofollow\"\u003eDT471718\u003c/a\u003e\u003cbr/\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eSpecial Build #86230 or later for V12.1.4 available at this link:\u003cbr/\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7267513\" rel=\"nofollow\"\u003ehttps://www.ibm.com/support/pages/node/7267513\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003eIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability.\u003c/p\u003e"
            }
          ],
          "value": "Customers running any vulnerable affected level of an affected Program, V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release:V11.5.9, and V12.1.4. They can be applied to any affected level of the appropriate release to remediate this vulnerability.\n\nReleaseFixed in mod packAPARDownload URLV11.5TBD https://www.ibm.com/support/pages/node/7087189 \n\n\n\nV12.1\n\n\n\n\n\n\n\nTBD\n\n\n\n\n\n https://www.ibm.com/support/pages/node/7267513 \n\n\n\n\n\nIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability."
        }
      ],
      "title": "IBM\u00ae Db2\u00ae is vulnerable to remote code execution due to improper pre-auth DRDA handshake handling",
      "x_generator": {
        "engine": "ibm-cvegen"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2026-10109",
    "datePublished": "2026-06-30T20:02:13.026Z",
    "dateReserved": "2026-05-29T16:58:35.341Z",
    "dateUpdated": "2026-07-01T17:27:00.915Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-9762 (GCVE-0-2026-9762)

Vulnerability from cvelistv5 – Published: 2026-07-17 17:25 – Updated: 2026-07-17 18:05
VLAI
Title
IBM® Data Server driver for JDBC and SQLJ is vulnerable to remote code execution when jdbc url is under user control
Summary
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to remote code execution when jdbc url is under user control.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
ibm
References
URL Tags
https://www.ibm.com/support/pages/node/7279479 vendor-advisorypatch
Impacted products
Vendor Product Version
IBM Db2 Affected: 11.5.0 , ≤ 11.5.9 (semver)
Affected: 12.1.0 , ≤ 12.1.4 (semver)
    cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:12.1.4:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-9762",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-17T18:04:21.028735Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-17T18:05:02.670Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:db2:12.1.4:*:*:*:*:*:*:*"
          ],
          "product": "Db2",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "11.5.9",
              "status": "affected",
              "version": "11.5.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "12.1.4",
              "status": "affected",
              "version": "12.1.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to remote code execution when jdbc url is under user control.\u003c/p\u003e"
            }
          ],
          "value": "IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to remote code execution when jdbc url is under user control."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-17T17:25:53.469Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://www.ibm.com/support/pages/node/7279479"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eCustomers running any vulnerable modpack level of an affected Program, V11.5, V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V11.5.9 and V12.1.4. They can be applied to any affected level of the appropriate release to remediate this vulnerability.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eRelease\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eFixed in mod pack\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eAPAR\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eDownload URL\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eV11.5\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eTBD\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003ca href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ000000E5e9/dt471454\" rel=\"nofollow\"\u003eDT471454\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eSpecial Build #87098 or later for V11.5.9 available at this link:\u003cbr/\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7087189\" rel=\"noopener noreferrer nofollow\"\u003ehttps://www.ibm.com/support/pages/node/7087189\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eV12.1\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003ev12.1.5\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003ca href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ000000E5e9/dt471454\" rel=\"nofollow\"\u003eDT471454\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eSpecial Build #87349 or later for V12.1.4 available at this link:\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7267513\" rel=\"nofollow\"\u003ehttps://www.ibm.com/support/pages/node/7267513\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability.\u003c/p\u003e"
            }
          ],
          "value": "Customers running any vulnerable modpack level of an affected Program, V11.5, V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V11.5.9 and V12.1.4. They can be applied to any affected level of the appropriate release to remediate this vulnerability.ReleaseFixed in mod packAPARDownload URLV11.5TBDDT471454Special Build #87098 or later for V11.5.9 available at this link:https://www.ibm.com/support/pages/node/7087189V12.1v12.1.5DT471454Special Build #87349 or later for V12.1.4 available at this link:https://www.ibm.com/support/pages/node/7267513IBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability."
        }
      ],
      "title": "IBM\u00ae Data Server driver for JDBC and SQLJ is vulnerable to remote code execution when jdbc url is under user control",
      "x_generator": {
        "engine": "ibm-cvegen"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2026-9762",
    "datePublished": "2026-07-17T17:25:53.469Z",
    "dateReserved": "2026-05-27T18:39:32.605Z",
    "dateUpdated": "2026-07-17T18:05:02.670Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-9608 (GCVE-0-2026-9608)

Vulnerability from cvelistv5 – Published: 2026-05-27 00:15 – Updated: 2026-05-27 13:37
VLAI
Title
QianFox FoxCMS Administrator Backend edit cross site scripting
Summary
A vulnerability was determined in QianFox FoxCMS up to 1.2.6. The impacted element is an unknown function of the file /Tag/edit of the component Administrator Backend. Executing a manipulation can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Vendor Product Version
QianFox FoxCMS Affected: 1.2.0
Affected: 1.2.1
Affected: 1.2.2
Affected: 1.2.3
Affected: 1.2.4
Affected: 1.2.5
Affected: 1.2.6
    cpe:2.3:a:qianfox:foxcms:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
lzihan (VulDB User) VulDB CNA Team
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-9608",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-27T13:37:37.925699Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-27T13:37:53.894Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:qianfox:foxcms:*:*:*:*:*:*:*:*"
          ],
          "modules": [
            "Administrator Backend"
          ],
          "product": "FoxCMS",
          "vendor": "QianFox",
          "versions": [
            {
              "status": "affected",
              "version": "1.2.0"
            },
            {
              "status": "affected",
              "version": "1.2.1"
            },
            {
              "status": "affected",
              "version": "1.2.2"
            },
            {
              "status": "affected",
              "version": "1.2.3"
            },
            {
              "status": "affected",
              "version": "1.2.4"
            },
            {
              "status": "affected",
              "version": "1.2.5"
            },
            {
              "status": "affected",
              "version": "1.2.6"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "lzihan (VulDB User)"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "VulDB CNA Team"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was determined in QianFox FoxCMS up to 1.2.6. The impacted element is an unknown function of the file /Tag/edit of the component Administrator Backend. Executing a manipulation can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 2.4,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 2.4,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 3.3,
            "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "Cross Site Scripting",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "Code Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-27T00:15:11.132Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-365681 | QianFox FoxCMS Administrator Backend edit cross site scripting",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/vuln/365681"
        },
        {
          "name": "VDB-365681 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/vuln/365681/cti"
        },
        {
          "name": "Submit #818342 | QianFox FoxCMS 1.2.6 Doubled Character XSS Manipulations",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/submit/818342"
        },
        {
          "tags": [
            "exploit",
            "issue-tracking"
          ],
          "url": "https://github.com/QianFox/FoxCMS/issues/2"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://github.com/QianFox/FoxCMS/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-05-26T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2026-05-26T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-05-26T18:28:36.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "QianFox FoxCMS Administrator Backend edit cross site scripting"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2026-9608",
    "datePublished": "2026-05-27T00:15:11.132Z",
    "dateReserved": "2026-05-26T16:23:28.581Z",
    "dateUpdated": "2026-05-27T13:37:53.894Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Mitigation
Architecture and Design

Strategy: Refactoring

Refactor your program so that you do not have to dynamically generate code.

Mitigation
Architecture and Design
  • Run your code in a "jail" or similar sandbox environment that enforces strict boundaries between the process and the operating system. This may effectively restrict which code can be executed by your product.
  • Examples include the Unix chroot jail and AppArmor. In general, managed code may provide some protection.
  • This may not be a feasible solution, and it only limits the impact to the operating system; the rest of your application may still be subject to compromise.
  • Be careful to avoid CWE-243 and other weaknesses related to jails.
Mitigation MIT-5
Implementation

Strategy: Input Validation

  • Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
  • When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
  • Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
  • To reduce the likelihood of code injection, use stringent allowlists that limit which constructs are allowed. If you are dynamically constructing code that invokes a function, then verifying that the input is alphanumeric might be insufficient. An attacker might still be able to reference a dangerous function that you did not intend to allow, such as system(), exec(), or exit().
Mitigation
Testing

Use dynamic tools and techniques that interact with the product using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The product's operation may slow down, but it should not become unstable, crash, or generate incorrect results.

Mitigation MIT-32
Operation

Strategy: Compilation or Build Hardening

Run the code in an environment that performs automatic taint propagation and prevents any command execution that uses tainted variables, such as Perl's "-T" switch. This will force the program to perform validation steps that remove the taint, although you must be careful to correctly validate your inputs so that you do not accidentally mark dangerous inputs as untainted (see CWE-183 and CWE-184).

Mitigation MIT-32
Operation

Strategy: Environment Hardening

Run the code in an environment that performs automatic taint propagation and prevents any command execution that uses tainted variables, such as Perl's "-T" switch. This will force the program to perform validation steps that remove the taint, although you must be careful to correctly validate your inputs so that you do not accidentally mark dangerous inputs as untainted (see CWE-183 and CWE-184).

Mitigation
Implementation

For Python programs, it is frequently encouraged to use the ast.literal_eval() function instead of eval, since it is intentionally designed to avoid executing code. However, an adversary could still cause excessive memory or stack consumption via deeply nested structures [REF-1372], so the python documentation discourages use of ast.literal_eval() on untrusted data [REF-1373].

CAPEC-242: Code Injection

An adversary exploits a weakness in input validation on the target to inject new code into that which is currently executing. This differs from code inclusion in that code inclusion involves the addition or replacement of a reference to a code file, which is subsequently loaded by the target and used as part of the code of some application.

CAPEC-35: Leverage Executable Code in Non-Executable Files

An attack of this type exploits a system's trust in configuration and resource files. When the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high.

CAPEC-77: Manipulating User-Controlled Variables

This attack targets user controlled variables (DEBUG=1, PHP Globals, and So Forth). An adversary can override variables leveraging user-supplied, untrusted query variables directly used on the application server without any data sanitization. In extreme cases, the adversary can change variables controlling the business logic of the application. For instance, in languages like PHP, a number of poorly set default configurations may allow the user to override variables.