Typemill · Typemill · CVE-2026-24127
**Name of the Vulnerable Software and Affected Versions**
Typemill versions 2.19.1 and below
**Description**
Typemill is a flat-file, Markdown-based CMS for informational documentation websites. A reflected Cross-Site Scripting (XSS) issue exists in the login error view template `login.twig`. The `username` value is echoed back without proper encoding when authentication fails, allowing an attacker to execute script in the login page context.
**Recommendations**
Update to version 2.19.2 or later.
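
To confirm after updating that the login error view no longer reflects the `username` value unencoded, the HTML returned for a failed login can be checked as below. This is an added example, not Typemill code: the probe string, the function names and the three HTML fragments are constructed, since the page does not show the markup of `login.twig`.

```python
import html
import re

# Inert probe: a unique token followed by the characters HTML encoding must neutralise.
PROBE = 'tm7f3a"<x>\'&'
SPECIAL = set('<>"\'&')
ENTITY = re.compile(r'&(?:#\d+|#[xX][0-9a-fA-F]+|[A-Za-z]+);')

def unencoded_chars(body, probe=PROBE):
    """Return the markup-significant probe characters reflected without encoding.
    None: probe not reflected. Empty set: every reflection fully encoded."""
    token = re.match(r'\w+', probe).group(0)
    tail = probe[len(token):]
    if token not in body:
        return None
    raw = set()
    for hit in re.finditer(re.escape(token), body):
        pos = hit.end()
        for expected in tail:
            ent = ENTITY.match(body, pos)
            if ent and html.unescape(ent.group(0)) == expected:
                pos = ent.end()          # entity-encoded form, inert
            elif body.startswith(expected, pos):
                if expected in SPECIAL:
                    raw.add(expected)    # character survived as live markup
                pos += 1
            else:
                break                    # reflection was truncated or filtered
    return raw

def verdict(body, probe=PROBE):
    raw = unencoded_chars(body, probe)
    if raw is None:
        return 'not reflected'
    return 'encoded' if not raw else 'UNENCODED: ' + ''.join(sorted(raw))

# Constructed login-error fragment; the real login.twig markup is an assumption.
def render(username, encode):
    return '<input name="username" value="%s"><p>Login failed</p>' % encode(username)

VULNERABLE = render(PROBE, lambda s: s)                           # echoed as-is
TAGS_ONLY = render(PROBE, lambda s: html.escape(s, quote=False))  # quotes left raw
ENCODED = render(PROBE, html.escape)                              # fully encoded

if __name__ == '__main__':
    for name, body in [('vulnerable', VULNERABLE), ('tags only', TAGS_ONLY), ('encoded', ENCODED)]:
        print(name, '->', verdict(body))
```

The `TAGS_ONLY` case matters when the value lands inside an HTML attribute: encoding only `<` and `>` still leaves the quotes able to close the attribute, so the check reports them separately.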