CVE-2026-4510 in PbootCMSinfo

Summary

by MITRE • 03/21/2026

A weakness has been identified in PbootCMS up to 3.2.12. This impacts the function alert_location of the file apps/home/controller/MemberController.php of the component Parameter Handler. This manipulation of the argument backurl causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsible

VulDB

Disclosure

03/21/2026

Moderation

accepted

Entry

VDB-352076

CPE

ready

CWE

CWE-79 (confirmed)

Exploit

Download

CVSS

4.3 (VulDB)

EPSS

0.00042

KEV

Activities

very low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-4510
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-4510
CVE Details	https://www.cvedetails.com/cve/CVE-2026-4510/

◂ Previous Overview Next ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!