PT-2026-53206 · Gotohttp · Gotohttp

Songmaoyang

Published

2026-06-29

Updated

2026-06-29

CVE-2026-13536

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions GotoHTTP versions prior to 10.3

Description Remote attackers can initiate cross site scripting by manipulating the sn argument during the processing of the /reg.12x file. Cross site scripting is a technique where malicious scripts are injected into trusted websites.

Recommendations Update to version 10.3 or later. As a temporary mitigation, restrict access to the /reg.12x file.

Exploit

Fix

Code Injection

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94CWE-79

Related Identifiers

CVE-2026-13536

Affected Products

Gotohttp

PT-2026-53206 · Gotohttp · Gotohttp

CVE-2026-13536

Weakness Enumeration

Related Identifiers

Affected Products

References · 7