CVE Catalog
CVE-2026-57656
MediumCVSS 5.9Summary
Cross Site Scripting (XSS) vulnerability in Hester Core versions up to 1.1.8. Allows an attacker to inject malicious JavaScript code into the page, potentially leading to session theft or user redirection.
Risk Assessment
The risk involves the possibility of hijacking an administrator or user session, which may result in unauthorized access to the admin panel and modification of site content.
Recommendation
Immediately update Hester Core to a version later than 1.1.8 where the vulnerability is fixed. If an update is not available, apply temporary mitigations such as input filtering.
Original NVD description (English source)
Author Cross Site Scripting (XSS) in Hester Core <= 1.1.8 versions.

