CVE Catalog
CVE-2026-57320
HighCVSS 7.1Summary
An unauthenticated Cross Site Scripting (XSS) vulnerability exists in BEAR versions 1.1.8 and earlier. It allows a remote attacker to inject malicious JavaScript code into the page without requiring authentication.
Risk Assessment
An attacker can steal user sessions, redirect users to malicious sites, or perform other actions in the victim's browser context, leading to data confidentiality and integrity breaches.
Recommendation
Immediately upgrade BEAR to a version later than 1.1.8 that includes the XSS fix. If an upgrade is not possible, implement temporary mitigations such as input filtering.
Original NVD description (English source)
Unauthenticated Cross Site Scripting (XSS) in BEAR <= 1.1.8 versions.

