CVE-2026-4510

Name of the Vulnerable Software and Affected Versions PbootCMS versions prior to 3.2.12

Description A weakness exists in PbootCMS that allows for cross site scripting. This issue impacts the alert location function within the apps/home/controller/MemberController.php file, specifically related to the Parameter Handler component. Manipulation of the backurl argument can lead to exploitation. The exploit has been publicly released, potentially enabling attacks.

Recommendations Update PbootCMS to a version newer than 3.2.12. As a temporary workaround, consider restricting access to the alert location function within the apps/home/controller/MemberController.php file until a patch is available.