CVE-2026-3955 | elecV2P up to 3.8.3 jsfile Endpoint wbjs.js runJSFile code injection (Issue 194)

Inserito da Angelo Barbosa | Mar 11, 2026 | CVE

A vulnerability was found in elecV2P up to 3.8.3. It has been declared as critical. Affected by this issue is the function runJSFile of the file source-code/elecV2P-master/webser/wbjs.js of the component jsfile Endpoint. Such manipulation leads to code injection.

This vulnerability is traded as CVE-2026-3955. The attack may be launched remotely. Furthermore, there is an exploit available.

The project was informed of the problem early through an issue report but has not responded yet.

CVE-2026-3955 | elecV2P up to 3.8.3 jsfile Endpoint wbjs.js runJSFile code injection (Issue 194)

Post correlati

CVE-2024-6188 | Parsec Automation TrackSYS 11.x.x pagedefinition ID direct request

CVE-2024-5964 | Zenon Lite Plugin up to 1.9 on WordPress Button Shortcode cross site scripting

CVE-2024-26594 | Linux Kernel up to 5.15.148/6.1.74/6.6.13/6.7.1 ksmbd Privilege Escalation

CVE-2025-64519 | TorrentPier up to 2.8.8 topic_id sql injection (GHSA-4rwr-8c3m-55f6)