CVE-2026-28417 | vim up to 9.2.0072 URL cross site scripting (GHSA-m3xh-9434-g336)

Inserito da Angelo Barbosa | Feb 28, 2026 | CVE

A vulnerability was found in vim up to 9.2.0072. It has been classified as critical. The affected element is an unknown function of the component URL Handler. Performing a manipulation results in improper neutralization of invalid characters in identifiers in web pages.

This vulnerability is known as CVE-2026-28417. Remote exploitation of the attack is possible. No exploit is available.

Upgrading the affected component is recommended.

CVE-2026-28417 | vim up to 9.2.0072 URL cross site scripting (GHSA-m3xh-9434-g336)

Post correlati

CVE-2025-7684 | Last.fm Recent Album Artwork Plugin up to 1.0.2 on WordPress Setting lastfm_albums_artwork.php cross-site request forgery

CVE-2025-11406 | kaifangqian kaifangqian-base up to 7b3faecda13848b3ced6c17c7423b76c5b47b8ab SysUserController.java getAllUsers information disclosure

CVE-2024-40835 | Apple iOS/iPadOS Shortcut access control

CVE-2024-43642 | Microsoft