CVE-2026-41929
CVE-2026-41929 affects Vvveb prior to 1.0.8.2, where an unauthenticated reflected XSS can be triggered via the visual editor preview renderer by manipulating the r query parameter and _component_ajax POST data. The root cause is inadequate input handling: isEditor() lacks session/role/token check...