CVE-2026-5615 | givanz Vvvebjs up to 2.0.5 File Upload Endpoint upload.php uploadAllowExtensions cross site scripting

A vulnerability, which was classified as problematic, has been found in givanz Vvvebjs up to 2.0.5. The affected element is an unknown function of the file upload.php of the component File Upload Endpoint. This manipulation of the argument uploadAllowExtensions causes cross site scripting.

This vulnerability is registered as CVE-2026-5615. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

Applying a patch is the recommended action to fix this issue.

The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.

CVE-2026-5615 | givanz Vvvebjs up to 2.0.5 File Upload Endpoint upload.php uploadAllowExtensions cross site scripting

Post correlati

CVE-2024-2708 | Tenda AC10U 15.03.06.49 /goform/execCommand formexeCommand cmdinput stack-based overflow

CVE-2024-11239 | Landray EKP up to 16.0 API Interface import.do?method=deleteFile folder path traversal

CVE-2024-50599 | Synacor Zimbra Collaboration Suite 8.8.15 Webmail Calendar Endpoint cross site scripting

CVE-2025-70888 | mtrojnar Osslsigncode up to 2.10 osslsigncode.c privilege escalation (Issue 475)