PT-2026-41392 · Weblate · Weblate
Published
2026-05-15
·
Updated
2026-06-17
·
CVE-2026-45106
CVSS v3.1
4.6
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Weblate versions prior to 2026.5
Description
The live search preview renders the
source and context variables as HTML without proper escaping. This allows a contributor to store HTML and CSS that executes within the authenticated editor of any user who performs a matching search.Recommendations
Update to version 2026.5.
As a temporary workaround, avoid using the search preview on the affected views.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Weblate