4 matches found
CVE-2026-23841 Movary vulnerable to Cross-site Scripting with `?categoryCreated=` param
Movary is a web application to track, rate and explore your movie watch history. Due to insufficient input validation, attackers can trigger cross-site scripting payloads in versions prior to 0.70.0. The vulnerable parameter is ?categoryCreated=. Version 0.70.0 fixes the issue...
CVE-2026-23840
Movary is a web application to track, rate and explore your movie watch history. Due to insufficient input validation, attackers can trigger cross-site scripting payloads in versions prior to 0.70.0. The vulnerable parameter is ?categoryDeleted=. Version 0.70.0 fixes the issue...
CVE-2026-23839
CVE-2026-23839 affects Movary, a web application to track and rate movie watch history. The issue arises from insufficient input validation that enables cross-site scripting via the vulnerable parameter ?categoryUpdated= in versions prior to 0.70.0. Version 0.70.0 fixes the issue. References from...
CVE-2026-23839 Movary vulnerable to Cross-site Scripting with `?categoryUpdated=` param
Movary is a web application to track, rate and explore your movie watch history. Due to insufficient input validation, attackers can trigger cross-site scripting payloads in versions prior to 0.70.0. The vulnerable parameter is ?categoryUpdated=. Version 0.70.0 fixes the issue...