CVE Catalog

CVE-2026-36725

MediumCVSS 6.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.03%

9th percentile - higher than 9% of all known CVEs

Summary

FastapiAdmin v2.2.0 has a cross-site scripting (XSS) vulnerability in the /system/notice/create endpoint that allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the notice_content parameter.

Risk Assessment

This vulnerability could lead to user data theft or session hijacking, posing a significant security threat to the application and its users.

Recommendation

It is recommended to upgrade to the latest version of FastapiAdmin and to validate and sanitize input data to minimize XSS risk.

Original NVD description (English source)

A markdown based cross-site scripting (XSS) vulnerability in the /system/notice/create endpoint of FastapiAdmin v2.2.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the notice_content parameter.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS