CVE-2026-7677 | kerwincui FastBee up to 1.2.1 System Notice SysNoticeController.java add noticeContent cross site scripting

A vulnerability was found in kerwincui FastBee up to 1.2.1. It has been rated as problematic. The impacted element is the function Add of the file springboot/fastbee-admin/src/main/java/com/fastbee/web/controller/system/SysNoticeController.java of the component System Notice Handler. This manipulation of the argument noticeContent causes cross site scripting.

The identification of this vulnerability is CVE-2026-7677. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-7677 | kerwincui FastBee up to 1.2.1 System Notice SysNoticeController.java add noticeContent cross site scripting

Post correlati

CVE-2024-7225 | SourceCodester Insurance Management System 1.0 Edit Insurance Policy Page update_policy pname cross site scripting

CVE-2025-38179 | Linux Kernel up to 6.12.34/6.15.3/6.16-rc2 SMB Client smb_extract_folioq_to_rdma out-of-bounds

CVE-2025-23817 | Mahadir Ahmad MHR-Custom-Anti-Copy Plugin up to 2.0 on WordPress cross-site request forgery

CVE-2024-25093 | Milan Petrovic GD Rating System Plugin up to 3.5 on WordPress cross site scripting