cvedb.io
CVE-2026-44960
NONE · CVSS 0
EPSS exploitation probability: 0%
Published 2026-06-23T17:17:00.230 · Last modified 2026-06-25T19:52:36.573

Summary

A stored XSS can be exploited by leveraging the usernames as an attack vector. When an admin user viewed the audit log details for affected entries, any malicious JavaScript payload embedded in the username would be executed due to missing output sanitisation. Proper escaping has been added to the audit log details output.

Does this affect you?

Add your gear to cvedb and we'll alert you only when a vendor you run ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.