CVE-2026-2947 | rymcu forest up to 0.0.5 User Profile UserInfoController.java updateUserInfo cross site scripting

A vulnerability was found in rymcu forest up to 0.0.5 and classified as problematic. This affects the function updateUserInfo of the file – src/main/java/com/rymcu/forest/web/api/user/UserInfoController.java of the component User Profile Handler. The manipulation results in cross site scripting.

This vulnerability is identified as CVE-2026-2947. The attack can be executed remotely. Additionally, an exploit exists.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-2947 | rymcu forest up to 0.0.5 User Profile UserInfoController.java updateUserInfo cross site scripting

Post correlati

CVE-2026-24675 | FreeRDP up to 3.21.x urb_select_interface use after free (GHSA-x9jr-99h2-g7mj)

CVE-2025-23285 | NVIDIA GPU Display Driver R535/R570 Virtual GPU Manager permission assignment

CVE-2025-52889 | lxc incus 6.12/6.13 allocation of resources

CVE-2024-41174 | Beckhoff IPC Diagnostics Package/TwinCAT BSD cross site scripting (VDE-2024-048)