FKIE_CVE-2026-1011
Vulnerability from fkie_nvd - Published: 2026-01-16 00:16 - Updated: 2026-01-23 20:26
Summary
A stored cross-site scripting (XSS) vulnerability exists in the Altium Support Center AddComment endpoint due to missing server-side input sanitization. Although the client interface applies HTML escaping, the backend accepts and stores arbitrary HTML and JavaScript supplied via modified POST requests.
The injected content is rendered verbatim when support cases are viewed by other users, including support staff with elevated privileges, allowing execution of arbitrary JavaScript in the victim’s browser context.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| altium | altium_live | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:altium:altium_live:*:*:*:*:*:*:*:*",
"matchCriteriaId": "079E28E9-A5B9-49AF-8D96-B56C46DB5231",
"versionEndIncluding": "1.1.1.39",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A stored cross-site scripting (XSS) vulnerability exists in the Altium Support Center AddComment endpoint due to missing server-side input sanitization. Although the client interface applies HTML escaping, the backend accepts and stores arbitrary HTML and JavaScript supplied via modified POST requests.\n\nThe injected content is rendered verbatim when support cases are viewed by other users, including support staff with elevated privileges, allowing execution of arbitrary JavaScript in the victim\u2019s browser context."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de cross-site scripting (XSS) almacenado en el endpoint AddComment del Centro de Soporte de Altium debido a la falta de sanitizaci\u00f3n de entrada del lado del servidor. Aunque la interfaz del cliente aplica escape de HTML, el backend acepta y almacena HTML y JavaScript arbitrarios suministrados a trav\u00e9s de solicitudes POST modificadas.\n\nEl contenido inyectado se renderiza textualmente cuando otros usuarios ven los casos de soporte, incluido el personal de soporte con privilegios elevados, lo que permite la ejecuci\u00f3n de JavaScript arbitrario en el contexto del navegador de la v\u00edctima."
}
],
"id": "CVE-2026-1011",
"lastModified": "2026-01-23T20:26:55.737",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "4760f414-e1ae-4ff1-bdad-c7a9c3538b79",
"type": "Secondary"
}
]
},
"published": "2026-01-16T00:16:29.050",
"references": [
{
"source": "4760f414-e1ae-4ff1-bdad-c7a9c3538b79",
"tags": [
"Vendor Advisory"
],
"url": "https://www.altium.com/platform/security-compliance/security-advisories"
}
],
"sourceIdentifier": "4760f414-e1ae-4ff1-bdad-c7a9c3538b79",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
},
{
"lang": "en",
"value": "CWE-116"
}
],
"source": "4760f414-e1ae-4ff1-bdad-c7a9c3538b79",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}