Vulnerabilities

CVE-2026-1469 - Stored Cross-Site Scripting (XSS) in RLE NOVA's PlanManager

2026-01-29 0 views admin

CVE ID : CVE-2026-1469 Published : Jan. 29, 2026, 12:16 p.m. | 1 hour, 13 minutes ago Description : Stored Cross-Site Scripting (XSS) in RLE NOVA's PlanManager. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by injecting malicious payload through the ‘comment’ and ‘brand’ parameters in ‘/index.php’. The payload is stored by the application and subsequently displayed without proper sanitization when other users access it. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user. Severity: 6.9 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2026-1469

Severity

MEDIUM

Published

Jan. 29, 2026

Affected Product: php

Impact: XSS

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2026-1469mediumphp

CVE-2026-1469 - Stored Cross-Site Scripting (XSS) in RLE NOVA's PlanManager

CVE Details

🏷️ Tags

More from Vulnerabilities

CVE-2026-3134 - itsourcecode News Portal Project edit-category.php sql injection

CVE-2026-3133 - itsourcecode Document Management System Login loging.php sql injection

CVE-2025-46320 - FileMaker WebDirect Cross-Site Scripting (XSS)

CVE-2026-21410 - InSAT MasterSCADA BUK-TS SQL Injection

Trending

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

CVE-2025-43939: Dell Unity OS Command Injection (High)

Google disputes false claims of massive Gmail data breach

Microsoft: DNS outage impacts Azure and Microsoft 365 services

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting