CVE Catalog
CVE-2026-36748
CriticalCVSS 9.0Exploitation Probability (EPSS)
Low risk0.30%
21th percentile — higher than 21% of all known CVEs
Summary
XSS vulnerability in RockRMS versions up to 16.13 and before 17.7.0, present in social media links in user profiles. An attacker can inject malicious script that executes in the victim's browser.
Risk Assessment
Risk of session theft, account takeover, or unauthorized actions within RockRMS. This could lead to data leakage or system integrity compromise.
Recommendation
Immediately upgrade RockRMS to version 17.7.0 or later, which includes a fix for the XSS vulnerability. Also train administrators on secure configuration of social media link fields.
Original NVD description (English source)
RockRMS v16.13 and before v.17.7.0 is vulnerable to Cross Site Scripting (XSS) via Social Media links in user profile.

