PT-2026-57842 · Rejetto · Rejetto Hfs

Published

2026-07-13

·

Updated

2026-07-13

·

CVE-2026-61501

CVSS v3.1

6.1

Medium

VectorAV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions Rejetto HFS versions 3.0.0 through 3.2.0
Description The administration panel renders log entries as HTML without proper sanitization. A remote unauthenticated attacker can submit a failed login attempt using a crafted username that is written to the error log. When an administrator views these logs, the malicious JavaScript executes in their browser, potentially allowing the attacker to create new accounts or execute code on the server using the administrator's privileges. This is a Stored Cross-Site Scripting (XSS) issue, where a malicious script is permanently stored on the target server.
Recommendations Update Rejetto HFS to version 3.2.1.

Fix

RCE

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-61501

Affected Products

Rejetto Hfs