CVE-2026-2947

Name of the Vulnerable Software and Affected Versions rymcu forest versions up to 0.0.5

Description A cross-site scripting issue exists in rymcu forest. The issue is located in the updateUserInfo function within the src/main/java/com/rymcu/forest/web/api/user/UserInfoController.java file of the User Profile Handler component. This allows for remote execution of attacks. The exploit is publicly available. The vendor was notified but did not respond.

Recommendations Versions prior to 0.0.5 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.