CVE-2026-5615

A weakness has been identified in givanz Vvvebjs up to 2.0.5. The affected element is an unknown function of the file upload.php of the component File Upload Endpoint. This manipulation of the argument uploadAllowExtensions causes cross site scripting. Remote exploitation of the attack is possibl...

CVE-2026-5615

The CVE-2026-5615 issue affects givanz Vvvebjs up to 2.0.5, specifically the File Upload Endpoint’s file upload.php. An manipulation of the uploadAllowExtensions argument enables cross-site scripting, with remote exploitation possible and a public exploit available. A patch is provided as 8cac22c...

PT-2026-30559

A weakness has been identified in givanz Vvvebjs up to 2.0.5. The affected element is an unknown function of the file upload.php of the component File Upload Endpoint. This manipulation of the argument uploadAllowExtensions causes cross site scripting. Remote exploitation of the attack is possibl...

VvvebJs 代码注入漏洞

VvvebJs is a drag-and-drop website generator developed by Givan’s individual developer. VvvebJs versions 2.0.5 and earlier had a code injection vulnerability, which stemmed from improper handling of the uploadAllowExtensions parameter in the upload.php file. This vulnerability could lead to...