CVE-2026-0521

Name of the Vulnerable Software and Affected Versions TYDAC AG MAP+ version 3.4.0

Description A reflected cross-site scripting (XSS) flaw exists in the PDF export functionality. This allows unauthenticated attackers to create a malicious URL. If a victim accesses this URL, arbitrary JavaScript code can be executed within the victim’s browsing session. The malicious URL could be delivered through methods like sending a link or tricking a victim into visiting a crafted page.

Recommendations TYDAC AG MAP+ version 3.4.0 should be updated to a fixed version. At the moment, there is no information about a newer version that contains a fix for this vulnerability.