| Title | WebSystems WebTOTUM (2026) Cross Site Scripting |
|---|
| Description | WebTOTUM is a cloud-based business management software developed by WebSystems and it's an all-in-one platform for managing a company’s operations online.
A stored cross-site scripting (XSS) vulnerability has been discovered in the software that allows attackers to inject web scripts or arbitrary HTML code by manipulating the calendar feature on the homepage dashboard. The payload is stored on the server and executed in the context of other users’ browsers when they access the affected page. This vulnerability arises from insufficient validation or escaping of user-supplied input and may allow attackers to compromise user sessions or perform unauthorized actions. |
|---|
| Source | ⚠️ https://olografix.org/acme/WebTOTUM-POC.gif |
|---|
| User | acme (UID 61097) |
|---|
| Submission | 04/01/2026 12:56 (23 days ago) |
|---|
| Moderation | 04/21/2026 13:56 (20 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 358434 [WebSystems WebTOTUM 2026 Calendar cross site scripting] |
|---|
| Points | 20 |
|---|