CVE-2026-3050 | horilla-opensource horilla up to 1.0.2 Leads global.js Notes cross site scripting

Inserito da Angelo Barbosa | Feb 23, 2026 | CVE

A vulnerability marked as problematic has been reported in horilla-opensource horilla up to 1.0.2. Impacted is an unknown function of the file static/assets/js/global.js of the component Leads Module. This manipulation of the argument Notes causes cross site scripting.

This vulnerability is tracked as CVE-2026-3050. The attack is possible to be carried out remotely. Moreover, an exploit is present.

It is suggested to upgrade the affected component.

CVE-2026-3050 | horilla-opensource horilla up to 1.0.2 Leads global.js Notes cross site scripting

Post correlati

CVE-2024-48953 | Logpoint up to 7.4.x Authentication Plugin improper authentication

CVE-2025-53930 | LabRedesCefetRJ WeGIA up to 3.4.4 adicionar_especie.php especie cross site scripting

CVE-2025-22569 | grandslambert Featured Page Widget Plugin up to 2.2 on WordPress cross site scripting

CVE-2023-46144 | Phoenix Contact AXC F 1152 code download (VDE-2023-056)