Logo
Retour à la veille

CVE-2026-36725

Publié : 9 juin 2026
Modifié : 9 juin 2026
Lien officiel NVD
Score CVSS
6.1
MEDIUM

Description détaillée

A markdown based cross-site scripting (XSS) vulnerability in the /system/notice/create endpoint of FastapiAdmin v2.2.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the notice_content parameter.

Vecteur d'attaque (CVSS)

Vecteur brut :CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Références et Patchs

https://github.com/CC-T-454455/Vulnerabilities/tree/master/fastapi-admin/vulnerability-6https://github.com/CC-T-454455/Vulnerabilities/tree/master/fastapi-admin/vulnerability-6

Dernières Vulnérabilités

CVE-2026-47905

CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Uncontrolled Resource Consumption vulnerability. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction.

VOIR DÉTAILS

CVE-2026-47904

CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Uncontrolled Resource Consumption vulnerability. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction.

VOIR DÉTAILS

CVE-2026-47903

CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Improper Input Validation vulnerability. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.

VOIR DÉTAILS