CVE-2026-5252

Name of the Vulnerable Software and Affected Versions z-9527 admin versions 1.0 through 2.0

Description A security flaw has been discovered in z-9527 admin versions 1.0 and 2.0. The issue affects an unknown function within the /server/routes/message.js file of the Message Create Endpoint component. Manipulation of this component can lead to cross site scripting. The attack can be initiated remotely. The exploit has been released publicly and may be used for attacks. The vendor was contacted regarding this disclosure but did not respond.

Recommendations For z-9527 admin version 1.0, address the cross site scripting issue in the /server/routes/message.js file of the Message Create Endpoint component. For z-9527 admin version 2.0, address the cross site scripting issue in the /server/routes/message.js file of the Message Create Endpoint component.