CVE-2026-27176

Name of the Vulnerable Software and Affected Versions MajorDoMo versions (affected versions not specified)

Description MajorDoMo contains a reflected cross-site scripting (XSS) issue in the 'command.php' file. The $qry parameter is directly included in the HTML page without proper sanitization using htmlspecialchars(), both within an input field's value attribute and in a paragraph element. An attacker can inject arbitrary JavaScript by creating a URL with malicious content in the $qry parameter.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.