CVE-2026-5332 | Xiaopi Panel 1.0.0 WAF Firewall /demo.php param cross site scripting

Inserito da Angelo Barbosa | Apr 1, 2026 | CVE

A vulnerability has been found in Xiaopi Panel 1.0.0 and classified as problematic. This vulnerability affects unknown code of the file /demo.php of the component WAF Firewall. The manipulation of the argument param leads to cross site scripting.

This vulnerability is referenced as CVE-2026-5332. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-5332 | Xiaopi Panel 1.0.0 WAF Firewall /demo.php param cross site scripting

Post correlati

CVE-2023-6488 | WP Shortcodes Plugin up to 7.0.0 on WordPress cross site scripting

CVE-2026-2721 | MailArchiver Plugin up to 4.4.0 on WordPress Setting cross site scripting

CVE-2022-49059 | Linux Kernel up to 5.17.3 nci_dev_up use after free

CVE-2023-45480 | Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn sub_47D878 src stack-based overflow