Lucene search
K

4 matches found

NVD
NVD
added 2026/04/13 7:16 p.m.12 views

CVE-2026-40038

Pachno 1.0.6 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads into POST parameters. Attackers can inject scripts through the value, commentbody, articlecontent, description, and message parameters...

7.2CVSS0.00161EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/04/13 6:11 p.m.1 views

CVE-2026-40043

Pachno 1.0.6 contains an authentication bypass vulnerability in the runSwitchUser action that allows authenticated low-privilege users to escalate privileges by manipulating the originalusername cookie. Attackers can set the client-controlled originalusername cookie to any value and request a...

7.1CVSS5.8AI score0.00304EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/13 6:10 p.m.2 views

CVE-2026-40038

Pachno 1.0.6 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads into POST parameters. Attackers can inject scripts through the value, commentbody, articlecontent, description, and message parameters...

7.2CVSS6AI score0.00161EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2023/11/27 12:0 a.m.10 views

PT-2023-30449 · Pachno · Pachno

Name of the Vulnerable Software and Affected Versions: Pachno version 1.0.6 Description: A vulnerability has been identified that allows an authenticated attacker to execute a cross-site scripting XSS attack. The issue exists due to inadequate input validation in the Project Description and...

5.4CVSS5.4AI score0.00475EPSS
Exploits0References4
Rows per page
Query Builder