2 matches found
@adenta/cms (>=0.0.6 <=1.1.1-0), @anjy7/navbar-cms (=0.0.5) +21 more potentially affected by CVE-2026-34748 via @payloadcms/next (>=3.0.0-alpha.46 <=3.78.0-internal.5219978)
@payloadcms/next NPM version =3.0.0-alpha.46, =0.0.6, =0.1.2, =1.0.2, =0.1.0, =3.2.0, =0.2.0, =1.0.54, =0.1.0, =0.1.4, =1.0.0, =0.0.5, =0.0.1, =0.0.4 and more Source cves: CVE-2026-34748 Source advisory: OSV:GHSA-MMXC-95CH-2J7C...
@payloadcms/next has Stored XSS in Admin Panel
Impact A stored Cross-site Scripting XSS vulnerability existed in the admin panel. An authenticated user with write access to a collection could save content that, when viewed by another user, would execute in their browser. Consumers are affected if ALL of these are true: - Payload version v3.78...