CVE ID :CVE-2026-40038 Published : April 13, 2026, 7:16 p.m. | 32 minutes ago Description :Pachno 1.0.6 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads into POST parameters. Attackers can inject scripts through the value, comment_body, article_content, description, and message parameters across multiple controllers, which are stored in the database and executed in users' browser sessions due to improper sanitization via Request::getRawParameter() or Request::getParameter() calls. Severity: 7.2 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...