3 matches found
CVE-2026-41929
CVE-2026-41929 affects Vvveb prior to 1.0.8.2, where an unauthenticated reflected XSS can be triggered via the visual editor preview renderer by manipulating the r query parameter and _component_ajax POST data. The root cause is inadequate input handling: isEditor() lacks session/role/token check...
CVE-2026-41929 Vvveb < 1.0.8.2 Unauthenticated Reflected XSS via Visual Editor
Vvveb before 1.0.8.2 contains an unauthenticated reflected cross-site scripting vulnerability in the visual editor preview renderer that allows attackers to execute arbitrary JavaScript by manipulating the r query parameter and componentajax POST parameter. Attackers can craft a malicious link or...
CVE-2026-41929 Vvveb < 1.0.8.2 Unauthenticated Reflected XSS via Visual Editor
Vvveb before 1.0.8.2 contains an unauthenticated reflected cross-site scripting vulnerability in the visual editor preview renderer that allows attackers to execute arbitrary JavaScript by manipulating the r query parameter and componentajax POST parameter. Attackers can craft a malicious link or...