CVE-2026-2145

Name of the Vulnerable Software and Affected Versions cym1102 nginxWebUI versions through 4.3.7

Description A cross site scripting issue exists in cym1102 nginxWebUI. The issue is related to manipulation of the nginxDir argument within an unknown function of the file /adminPage/conf/check, part of the Web Management Interface component. This manipulation can be executed remotely. The project was informed of the issue but has not responded. The exploit is publicly available.

Recommendations Versions prior to 4.3.7 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.