CVE-2026-30082
MediumCVSS 6.1Exploitation Probability (EPSS)
Low risk9th percentile - higher than 9% of all known CVEs
Summary
Multiple stored cross-site scripting (XSS) vulnerabilities were found in the Edit feature of the Software Package List page in IngEstate Server v11.14.0. Attackers can inject malicious payloads into the About application, What's news, or Release note parameters, leading to arbitrary script or HTML execution.
Risk Assessment
The risk includes potential session hijacking, data theft, or malware distribution within the organization when crafted content is displayed to other administrators.
Recommendation
Immediately update IngEstate Server to the latest version and implement input filtering and encoding for the About application, What's news, and Release note parameters.
Original NVD description (English source)
Multiple stored cross-site scripting (XSS) vulnerabilities in the Edit feature of the Software Package List page of IngEstate Server v11.14.0 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the About application, What's news, or Release note parameters.

