CVE-2026-1136

🗓️ 19 Jan 2026 03:32:05Reported by VulDBType

cve🔗 web.nvd.nist.gov👁 7 Views🌐 WEB

CVE 2026-1136 reveals cross site scripting in BootDo Save function; remote exploitation possible.

Reporter	Title	Published	Views	Family All 8
ATTACKERKB	CVE-2026-1136	19 Jan 202603:32	–	attackerkb
CNNVD	BootDo code injection vulnerability	19 Jan 202600:00	–	cnnvd
Cvelist	CVE-2026-1136 lcg0124 BootDo ContentController save cross site scripting	19 Jan 202603:32	–	cvelist
EUVD	EUVD-2026-3243	19 Jan 202603:32	–	euvd
NVD	CVE-2026-1136	19 Jan 202604:15	–	nvd
Positive Technologies	PT-2026-3423	19 Jan 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-1136	20 Jan 202604:23	–	redhatcve
Vulnrichment	CVE-2026-1136 lcg0124 BootDo ContentController save cross site scripting	19 Jan 202603:32	–	vulnrichment

[
  {
    "vendor": "lcg0124",
    "product": "BootDo",
    "versions": [
      {
        "version": "e93dd428ef6f5c881aa74d49a2099ab0cf1e0fcb",
        "status": "affected"
      }
    ],
    "modules": [
      "ContentController"
    ]
  }
]

Source	Link
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/
github	www.github.com/webzzaa/CVE-/issues/4
vuldb	www.vuldb.com/

Parameter	Position	Path	Description	CWE
content	request body	/blog/bContent/save	Cross-site scripting in Save of ContentController due to unsanitized inputs in content/author/title.	CWE-79, CWE-94
author	request body	/blog/bContent/save	Cross-site scripting in Save of ContentController due to unsanitized inputs in content/author/title.	CWE-79, CWE-94
title	request body	/blog/bContent/save	Cross-site scripting in Save of ContentController due to unsanitized inputs in content/author/title.	CWE-79, CWE-94

29 Apr 2026 01:00Current

5.5Medium risk

Vulners AI Score5.5

CVSS 3.13.5

CVSS 24

CVSS 45.1

CVSS 33.5

EPSS0.00016

SSVC