CVE-2026-42457 | loft-sh loft up to 4.4.2/4.5.4/4.6.1/4.7.0 Name cross site scripting (GHSA-x7cq-v3h6-426c)

Inserito da Angelo Barbosa | Mag 14, 2026 | CVE

A vulnerability classified as problematic was found in loft-sh loft up to 4.4.2/4.5.4/4.6.1/4.7.0. Affected by this vulnerability is an unknown functionality. Such manipulation of the argument Name leads to cross site scripting.

This vulnerability is uniquely identified as CVE-2026-42457. The attack can be launched remotely. No exploit exists.

Upgrading the affected component is advised.

CVE-2026-42457 | loft-sh loft up to 4.4.2/4.5.4/4.6.1/4.7.0 Name cross site scripting (GHSA-x7cq-v3h6-426c)

Post correlati

CVE-2024-34959 | DedeCMS 5.7.113 sys_data_replace.php cross site scripting

CVE-2024-56706 | Linux Kernel up to 6.12.1 cpum_sf mutex_lock allocation of resources

CVE-2023-6511 | Google Chrome prior 120.0.6099.62 Autofill information disclosure

CVE-2023-50855 | Sam Perrow Pre Party Resource Hints Plugin up to 1.8.18 on WordPress sql injection