CVE-2026-2897 | funadmin up to 7.1.0-rc4 Backend Interface index.html Value cross site scripting

A vulnerability was found in funadmin up to 7.1.0-rc4. It has been rated as problematic. This vulnerability affects unknown code of the file app/backend/view/index/index.html of the component Backend Interface. The manipulation of the argument Value leads to cross site scripting.

This vulnerability is uniquely identified as CVE-2026-2897. The attack is possible to be carried out remotely. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-2897 | funadmin up to 7.1.0-rc4 Backend Interface index.html Value cross site scripting

Post correlati

CVE-2024-29442 | ROS2 Humble Hawksbill improper authorization

CVE-2026-22624 | HIKSEMI HS-AFS-S1H1 5.10.10_Build_251126 access control

CVE-2025-64457 | JetBrains dotTrace up to 2025.2.4 toctou

CVE-2025-13063 | DinukaNavaratna Dee Store 1.0 authorization