PT-2026-57842 · Rejetto · Rejetto Hfs
Published
2026-07-13
·
Updated
2026-07-13
·
CVE-2026-61501
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Rejetto HFS versions 3.0.0 through 3.2.0
Description
The administration panel renders log entries as HTML without proper sanitization. A remote unauthenticated attacker can submit a failed login attempt using a crafted
username that is written to the error log. When an administrator views these logs, the malicious JavaScript executes in their browser, potentially allowing the attacker to create new accounts or execute code on the server using the administrator's privileges. This is a Stored Cross-Site Scripting (XSS) issue, where a malicious script is permanently stored on the target server.Recommendations
Update Rejetto HFS to version 3.2.1.
Fix
RCE
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Rejetto Hfs