CVE-2026-1008 in 365informação

Sumário

de MITRE • 16/01/2026

A stored cross-site scripting (XSS) vulnerability exists in the user profile text fields of Altium 365. Insufficient server-side input sanitization allows authenticated users to inject arbitrary HTML and JavaScript payloads using whitespace-based attribute parsing bypass techniques. The injected payload is persisted and executed when other users view the affected profile page, potentially allowing session token theft, phishing attacks, or malicious redirects. Exploitation requires an authenticated account and user interaction to view the crafted profile.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsável

Altium

Reservar

15/01/2026

Divulgação

16/01/2026

Moderação

aceite

Entrada

VDB-341551

CPE

pronto

CWE

CWE-79 (confirmado)

CVSS

5.4 (NVD)

EPSS

0.00019

KEV

não

Atividades

muito baixo

Fontes

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-1008
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-1008
CVE Details	https://www.cvedetails.com/cve/CVE-2026-1008/

◂ Voltar Visão Geral Próximo ▸

Want to know what is going to be exploited?

We predict KEV entries!