CVE Catalog

CVE-2026-57320

HighCVSS 7.1
Published: Updated: Translated: NVD NIST

Summary

An unauthenticated Cross Site Scripting (XSS) vulnerability exists in BEAR versions 1.1.8 and earlier. It allows a remote attacker to inject malicious JavaScript code into the page without requiring authentication.

Risk Assessment

An attacker can steal user sessions, redirect users to malicious sites, or perform other actions in the victim's browser context, leading to data confidentiality and integrity breaches.

Recommendation

Immediately upgrade BEAR to a version later than 1.1.8 that includes the XSS fix. If an upgrade is not possible, implement temporary mitigations such as input filtering.

Original NVD description (English source)

Unauthenticated Cross Site Scripting (XSS) in BEAR <= 1.1.8 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS