PT-2026-3480 · Movary · Movary

Mbiesiad

·

Publicado

2026-01-19

·

Atualizado

2026-01-20

·

CVE-2026-23839

CVSS v3.1

9.3

Crítica

VetorAV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions Movary versions prior to 0.70.0
Description Movary is a web application used to track and rate movie watch history. Insufficient input validation allows attackers to trigger cross-site scripting payloads. The vulnerable parameter is categoryUpdated.
Recommendations Versions prior to 0.70.0 should be updated to version 0.70.0.

Exploit

Correção

XSS

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79CWE-20

Identificadores relacionados

CVE-2026-23839
GHSA-V32W-5QX7-P3VQ

Produtos afetados

Movary