PT-2026-41350 · Vvveb · Vvveb

Published

2026-05-15

·

Updated

2026-05-15

·

CVE-2026-44366

CVSS v3.1

6.1

Medium

VectorAV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions Vvveb versions prior to 1.0.8.1
Description A Stored Cross-Site Scripting (XSS) issue exists in the comment submission flow. An unauthenticated user can submit data through the author field on any public post page. This data is stored without sanitization and subsequently rendered unsanitized in two distinct sinks. Stored Cross-Site Scripting is a flaw where malicious scripts are permanently stored on the target server and executed in the browser of users who visit the affected page.
Recommendations Update to version 1.0.8.1.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-44366
GHSA-GPMG-PCXR-9WVF

Affected Products

Vvveb