PT-2026-30559 · Givanz · Givanz Vvveb
Ethx0
·
Published
2026-04-06
·
Updated
2026-04-06
·
CVE-2026-5615
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
givanz Vvvebjs versions up to 2.0.5
Description
A weakness exists in givanz Vvvebjs up to version 2.0.5 related to the File Upload Endpoint, specifically within the
upload.php file. Manipulation of the uploadAllowExtensions argument can lead to cross site scripting. Remote exploitation is possible. The exploit has been made publicly available.Recommendations
Apply patch 8cac22cff99b8bc701c408aa8e887fa702755336.
Exploit
Fix
Code Injection
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Givanz Vvveb