CVE-2026-2946 | rymcu forest up to 0.0.5 Article Content/Comments/Portfolio XssUtils.java XssUtils.replaceHtmlCode cross site scripting

A vulnerability has been found in rymcu forest up to 0.0.5 and classified as problematic. Affected by this issue is the function XssUtils.replaceHtmlCode of the file src/main/java/com/rymcu/forest/util/XssUtils.java of the component Article Content/Comments/Portfolio. The manipulation leads to cross site scripting.

This vulnerability is referenced as CVE-2026-2946. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-2946 | rymcu forest up to 0.0.5 Article Content/Comments/Portfolio XssUtils.java XssUtils.replaceHtmlCode cross site scripting

Post correlati

CVE-2024-45595 | man-group dtale up to 3.14.0 cross site scripting (GHSA-pw44-4h99-wqff)

CVE-2024-6535 | Red Hat Service Interconnect 1 Skupper default credentials

CVE-2025-6397 | Ankara Hosting Website Design Website Software up to 03022026 cross site scripting

CVE-2025-11864 | NucleoidAI Nucleoid up to 0.7.10 Outbound Request /src/cluster.ts extension.apply https/ip/port/path/headers server-side request forgery