Lucene search
4 matches found

Cvelist
added 2026/01/30 10:11 p.m. | 16 views

CVE-2026-25156 HotCRP vulnerable to stored XSS via comment attachments

HotCRP is conference review software. HotCRP versions from October 2025 through January 2026 delivered documents of all types with inline Content-Disposition, causing them to be rendered in the user’s browser rather than downloaded. The intended behavior was for only text/plain, application/pdf,...

CVSS 7.3 | EPSS 0.0006
Exploits: 0 | References: 4

OSV
added 2026/01/30 10:11 p.m. | 3 views

CVE-2026-25156 HotCRP vulnerable to stored XSS via comment attachments

HotCRP is conference review software. HotCRP versions from October 2025 through January 2026 delivered documents of all types with inline Content-Disposition, causing them to be rendered in the user’s browser rather than downloaded. The intended behavior was for only text/plain, application/pdf,...

CVSS 7.3 | AI score 5.8 | EPSS 0.0006
Exploits: 0 | References: 6

ATTACKERKB
added 2026/01/30 10:11 p.m. | 3 views

CVE-2026-25156

HotCRP is conference review software. HotCRP versions from October 2025 through January 2026 delivered documents of all types with inline Content-Disposition, causing them to be rendered in the user’s browser rather than downloaded. The intended behavior was for only text/plain, application/pdf,...

CVSS 7.3 | AI score 5.8 | EPSS 0.0006
Exploits: 0 | References: 5

Positive Technologies
added 2026/01/30 12:0 a.m. | 3 views

PT-2026-5496

Name of the Vulnerable Software and Affected Versions: HotCRP versions October 2025 through January 2026

Description: HotCRP is conference review software. Versions between October 2025 and January 2026 delivered documents of all types with inline Content-Disposition, causing them to be rendered in...

CVSS 7.3 | AI score 5.8 | EPSS 0.0006
Exploits: 0 | References: 9