CVE-2026-9519 | stonith404 pingvin-share up to 1.13.0 Sign-in Auto-Redirect signIn.tsx getServerSideProps redirect cross site scripting

A vulnerability described as problematic has been identified in stonith404 pingvin-share up to 1.13.0. This affects the function getServerSideProps of the file frontend/src/pages/auth/signIn.tsx of the component Sign-in Auto-Redirect. The manipulation of the argument redirect results in cross site scripting.

This vulnerability was named CVE-2026-9519. The attack may be performed from remote. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-9519 | stonith404 pingvin-share up to 1.13.0 Sign-in Auto-Redirect signIn.tsx getServerSideProps redirect cross site scripting

Post correlati

CVE-2024-10388 | GDPR Plugin up to 2.0.2 on WordPress cross site scripting

CVE-2023-7098 | icret EasyImages 2.8.3 app/hide.php key path traversal

CVE-2026-25133 | October LMS up to 3.7.13/4.1.9 SVG File Parser cross site scripting (GHSA-gcqv-f29m-67gr)

CVE-2024-13362 | AidWP Plugin on WordPress Parameter url cross site scripting