CVE-2026-36725
MediumCVSS 6.1Exploitation Probability (EPSS)
Low risk9th percentile - higher than 9% of all known CVEs
Summary
FastapiAdmin v2.2.0 has a cross-site scripting (XSS) vulnerability in the /system/notice/create endpoint that allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the notice_content parameter.
Risk Assessment
This vulnerability could lead to user data theft or session hijacking, posing a significant security threat to the application and its users.
Recommendation
It is recommended to upgrade to the latest version of FastapiAdmin and to validate and sanitize input data to minimize XSS risk.
Original NVD description (English source)
A markdown based cross-site scripting (XSS) vulnerability in the /system/notice/create endpoint of FastapiAdmin v2.2.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the notice_content parameter.

