A vulnerability was found in MyEMS up to 6.4.0 and classified as problematic. The affected element is the function on_post of the file myems-api/core/svg.py of the component Admin Backend. The manipulation of the argument new_values[‘data’] results in cross site scripting.

This vulnerability is reported as CVE-2026-15321. The attack can be launched remotely. Moreover, an exploit is present.

It is suggested to upgrade the affected component.

The issue report remains open even though there is an official fix for it.