CVE-2026-11772
MediumCVSS 5.1Summary
DRIMO CMS is vulnerable to reflected XSS via the q parameter in the searching functionality. An attacker can prepare a URL that, when opened, results in arbitrary JavaScript execution in the victim's browser.
Risk Assessment
Exploitation of this vulnerability may lead to user data theft or session hijacking. As the product is in the End Of Life phase, it will not receive security updates.
Recommendation
It is recommended to delete the info.php file to mitigate the risk associated with this vulnerability. Additionally, consider migrating to another supported CMS.
Original NVD description (English source)
DRIMO CMS is vulnerable to Reflected XSS via q parameter in searching functionality. An attacker can prepare an URL that, when opened, results in arbitrary JavaScript execution in the victim's browser. Product is in End Of Life phase and will not receive any updates. However, deleting info.php file mitigates the vulnerability,

