CVE Catalog

CVE-2026-44960

UnknownCVSS 0.0
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.30%

22th percentile - higher than 22% of all known CVEs

Summary

CVE-2026-44960 involves a stored XSS that can be exploited by leveraging usernames as an attack vector. When an admin user viewed the audit log details for affected entries, any malicious JavaScript payload embedded in the username would be executed due to missing output sanitisation.

Risk Assessment

The organization is exposed to XSS attacks that could lead to data theft or compromise of admin accounts. The execution of malicious code may threaten the integrity of the system and data.

Recommendation

It is recommended to implement proper output sanitisation and escaping in the audit log details to prevent the execution of malicious code. An audit of existing usernames for potential threats should also be conducted.

Original NVD description (English source)

A stored XSS can be exploited by leveraging the usernames as an attack vector. When an admin user viewed the audit log details for affected entries, any malicious JavaScript payload embedded in the username would be executed due to missing output sanitisation. Proper escaping has been added to the audit log details output.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS