CVE-2026-2965 | 07FLYCMS/07FLY-CMS/07FlyCRM up to 1.2.9 System Extension edit.html Title cross site scripting

A vulnerability was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.2.9. It has been classified as problematic. The affected element is an unknown function of the file /admin/SysModule/edit.html of the component System Extension Module. Performing a manipulation of the argument Title results in cross site scripting.

This vulnerability is identified as CVE-2026-2965. The attack can be initiated remotely. Additionally, an exploit exists.

This product is published under multiple names. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-2965 | 07FLYCMS/07FLY-CMS/07FlyCRM up to 1.2.9 System Extension edit.html Title cross site scripting

Post correlati

CVE-2024-5700 | Mozilla Firefox up to 126 memory corruption

CVE-2026-22281 | Dell PowerScale OneFS up to 9.13.0.0 toctou (dsa-2026-049)

CVE-2024-37265 | Martin Gibson IdeaPush Plugin up to 8.60 on WordPress cross site scripting

CVE-2024-0899 | s2Member Plugin up to 230815 on WordPress information disclosure