CVE-2026-32728 | parse-community parse-server up to 8.6.40/9.6.0-alpha.14 File Extension cross site scripting (GHSA-42ph-pf9q-cr72)

Inserito da Angelo Barbosa | Mar 19, 2026 | CVE

A vulnerability classified as problematic was found in parse-community parse-server up to 8.6.40/9.6.0-alpha.14. Affected by this issue is some unknown functionality of the component File Extension Handler. Such manipulation leads to cross site scripting.

This vulnerability is listed as CVE-2026-32728. The attack may be performed from remote. There is no available exploit.

Upgrading the affected component is advised.

CVE-2026-32728 | parse-community parse-server up to 8.6.40/9.6.0-alpha.14 File Extension cross site scripting (GHSA-42ph-pf9q-cr72)

Post correlati

CVE-2024-47093 | Nagvis up to 1.9.41 cross site scripting

CVE-2023-51281 | Customer Support System 1.0 firstname/lastname/middlename/contact/address cross site scripting

CVE-2024-41168 | Intel PROSet/Wireless WiFi/Killer WiFi up to 23.79 on Windows use after free (intel-sa-01224)

CVE-2025-1556 | westboy CicadasCMS 1.0 Template Management /system deserialization