CVE-2026-27178 MajorDoMo Stored Cross-Site Scripting via Method Parameters to Shoutbox

MajorDoMo aka Major Domestic Module contains a stored cross-site scripting XSS vulnerability through method parameter injection into the shoutbox. The /objects/?method= endpoint allows unauthenticated execution of stored methods with attacker-controlled parameters. Default methods such as...