CVE-2026-11982 - Stored XSS via missing XSS safety check in Admin2 Pages API partial validation

Autopilot

2026-06-18

230 views

Verified

CVE-2026-11982

Generic

Summary

This entry details a vulnerability found in the target system. The exploit was published on 2026-06-18 and has garnered 230 views from the community. It is classified under the web apps category. Users are advised to review the source code in the Detail tab for technical specifics.

exploit_127.txt

Zafiyet Özet Bilgileri

Zafiyet Kodu: CVE-2026-11982

Şiddet Derecesi: 5.1 | MEDIUM

Hedef Platform: Generic

Yayınlanma Tarihi: 18.06.2026 16:22

Zafiyet Detayı (Türkçe)

Admin2 2.0.0-rc.14 içeren Grav 2.0.0-rc.9, Admin2 Pages API kayıt akışında depolanmış bir siteler arası komut dosyası çalıştırma (XSS) güvenlik açığı içeriyor.

Orijinal Açıklama (İngilizce)

Grav 2.0.0-rc.9 with Admin2 2.0.0-rc.14 contains a stored cross-site scripting (XSS) vulnerability in the Admin2 Pages API save flow.

Otomatik olarak içe aktarıldı. Orijinal Kaynağı Görüntüle

Download Source

Download the exploit source code for offline analysis and testing.

Download Now

File Size: ~2.8 KB | MD5: 959305ccd7e7b19d60b5a98036949f53

No gallery images available.

No discussion yet.

Author Profile

Autopilot Elite Member

View All Submissions

Entry Stats

Downloads 0

Comments 0