CVE-2026-1953 in Nukegraphicinfo

Zusammenfassung

von MITRE • 05.02.2026

Nukegraphic CMS v3.1.2 contains a stored cross-site scripting (XSS) vulnerability in the user profile edit functionality at /ngc-cms/user-edit-profile.php. The application fails to properly sanitize user input in the name field before storing it in the database and rendering it across multiple CMS pages. An authenticated attacker with low privileges can inject malicious JavaScript payloads through the profile edit request, which are then executed site-wide whenever the affected user's name is displayed. This allows the attacker to execute arbitrary JavaScript in the context of other users' sessions, potentially leading to session hijacking, credential theft, or unauthorized actions performed on behalf of victims.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Zuständig

Gridware

Reservieren

05.02.2026

Veröffentlichung

05.02.2026

Moderieren

akzeptiert

Eintrag

VDB-344474

CPE

bereit

EPSS

0.00023

KEV

nein

Aktivitäten

very low

Sektor

Lawfirm, Hostingprovider, ...

Quellen

MITREhttps://www.cve.org/CVERecord?id=CVE-2026-1953
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2026-1953
CVE Detailshttps://www.cvedetails.com/cve/CVE-2026-1953/

ZurückÜbersichtWeiter

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!