CVE-2026-2145 | cym1102 nginxWebUI up to 4.3.7 Web Management Interface /adminPage/conf/check nginxDir cross site scripting (Issue 203)

A vulnerability described as problematic has been identified in cym1102 nginxWebUI up to 4.3.7. The impacted element is an unknown function of the file /adminPage/conf/check of the component Web Management Interface. Such manipulation of the argument nginxDir leads to cross site scripting.

This vulnerability is documented as CVE-2026-2145. The attack can be executed remotely. Additionally, an exploit exists.

The project was informed of the problem early through an issue report but has not responded yet.

CVE-2026-2145 | cym1102 nginxWebUI up to 4.3.7 Web Management Interface /adminPage/conf/check nginxDir cross site scripting (Issue 203)

Post correlati

CVE-2024-44852 | Open Robotics ROS2 isUnsafeToPlan memory corruption (ID 4464)

CVE-2024-25897 | ChurchCRM 5.5.0 GET Parameter FRCatalog.php CurrentFundraiser sql injection

CVE-2024-10646 | Fluent Contact Form Plugin up to 5.2.6 on WordPress cross site scripting

CVE-2023-6465 | PHPGurukul Nipah Virus Testing Management System 1.0 registered-user-testing.php regmobilenumber cross site scripting