CVE Catalog

CVE-2026-36358

MediumCVSS 5.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.20%

10th percentile - higher than 10% of all known CVEs

Summary

A Cross Site Scripting (XSS) vulnerability has been discovered in Juzaweb CMS version 5.0.0. A remote attacker can exploit the Add Banner Ads function to inject a malicious script and execute arbitrary code in the victim's browser.

Risk Assessment

The risk involves potential session hijacking, data theft, or malware distribution through a crafted banner ad displayed to users.

Recommendation

Immediately update Juzaweb CMS to the latest version and implement input filtering and encoding in the Add Banner Ads function.

Original NVD description (English source)

Cross Site Scripting vulnerability in Juzaweb CMS v.5.0.0 allows a remote attacker via execute arbitrary code via a crafted script to the Add Banner Ads function

Vulnerability data from NVD (NIST) · CISA KEV · EPSS