CVE-2026-5806
⚪ Do wiadomości
Wykorzystanie luki w Easy Blog Site umożliwia zdalne wykonanie ataku XSS.
CVSS
3.5
EPSS
0.0%
Exploit
none
Vendor
Opis źródłowy (NVD)
A security vulnerability has been detected in code-projects Easy Blog Site 1.0. This affects an unknown function of the file /posts/update.php. The manipulation of the argument postTitle leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.
xss
Brak patcha
Źródła i daty
| Źródło | Wartość |
|---|---|
| NVD – CVSS | 3.5 |
| CISA KEV (aktywnie wykorzystywane) | Nie |
| FIRST EPSS (prawdopodobieństwo exploita) | 0.0% |
| Opublikowano (NVD) | 2026-04-08 22:16:24 UTC |
| Ostatnia modyfikacja (NVD) | 2026-04-24 18:04:28 UTC |
Referencje
- https://code-projects.org/ (cna@vuldb.com)
- https://github.com/ahmadmarz10-hub/CVEsMarz/blob/main/Stored%20Cross-Site%20Scripting%20(XSS)%20in%20Easy%20Blog%20Site%20PHP%20postTitle%20Parameter.md (cna@vuldb.com)
- https://vuldb.com/submit/787045 (cna@vuldb.com)
- https://vuldb.com/vuln/356244 (cna@vuldb.com)
- https://vuldb.com/vuln/356244/cti (cna@vuldb.com)