PT-2026-21001 · Unknown · Rachelos Werss We-Mp-Rss
Din4
·
Published
2026-02-20
·
Updated
2026-02-20
·
CVE-2026-2825
CVSS v2.0
4.0
Medium
| Vector | AV:N/AC:L/Au:S/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
rachelos WeRSS we-mp-rss versions up to 1.4.8
Description
A flaw exists in the fix html function within the tools/fix.py file of the Article Module component. This issue allows for cross site scripting, and can be initiated remotely. The exploit for this issue has been publicly disclosed.
Recommendations
Update rachelos WeRSS we-mp-rss to a version later than 1.4.8.
Exploit
Fix
Code Injection
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Rachelos Werss We-Mp-Rss