CVE-2026-40038

Pachno 1.0.6 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads into POST parameters. Attackers can inject scripts through the value, commentbody, articlecontent, description, and message parameters...

CVE-2026-40042

Pachno 1.0.6 contains an XML external entity injection vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting unsafe XML parsing in the TextParser helper. Attackers can inject malicious XML entities through wiki table syntax and inline tags in issue descriptions...

EUVD-2026-22043

Pachno 1.0.6 contains an open redirection vulnerability that allows attackers to redirect users to arbitrary external websites by manipulating the returnto parameter. Attackers can craft malicious login URLs with unvalidated returnto values to conduct phishing attacks and steal user credentials...

CVE-2026-40042

Pachno 1.0.6 contains an XML external entity injection vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting unsafe XML parsing in the TextParser helper. Attackers can inject malicious XML entities through wiki table syntax and inline tags in issue descriptions...

CVE-2026-40038

Pachno 1.0.6 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads into POST parameters. Attackers can inject scripts through the value, commentbody, articlecontent, description, and message parameters...

CVE-2026-40043

Pachno 1.0.6 contains an authentication bypass vulnerability in the runSwitchUser action that allows authenticated low-privilege users to escalate privileges by manipulating the originalusername cookie. Attackers can set the client-controlled originalusername cookie to any value and request a...

CVE-2026-40039 Pachno 1.0.6 Open Redirection via return_to Parameter

Pachno 1.0.6 contains an open redirection vulnerability that allows attackers to redirect users to arbitrary external websites by manipulating the returnto parameter. Attackers can craft malicious login URLs with unvalidated returnto values to conduct phishing attacks and steal user credentials...

CVE-2026-40038

Pachno 1.0.6 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads into POST parameters. Attackers can inject scripts through the value, commentbody, articlecontent, description, and message parameters...

PT-2026-32495

Pachno 1.0.6 contains a cross-site request forgery vulnerability that allows attackers to perform arbitrary actions in authenticated user context by exploiting missing CSRF protections on state-changing endpoints. Attackers can craft malicious requests targeting login, registration, file upload,...

PT-2026-32493

Pachno 1.0.6 contains an open redirection vulnerability that allows attackers to redirect users to arbitrary external websites by manipulating the return to parameter. Attackers can craft malicious login URLs with unvalidated return to values to conduct phishing attacks and steal user credentials...

PT-2023-30449 · Pachno · Pachno

Name of the Vulnerable Software and Affected Versions: Pachno version 1.0.6 Description: A vulnerability has been identified that allows an authenticated attacker to execute a cross-site scripting XSS attack. The issue exists due to inadequate input validation in the Project Description and...