Facilemanager
CVE-2026-30918
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L
Lifecycle Timeline
2DescriptionGitHub Advisory
facileManager is a modular suite of web apps built with the sysadmin in mind. Prior to 6.0.4 , a reflected XSS occurs when an application receives data from an untrusted source and uses it in its HTTP responses in a way that could lead to vulnerabilities. It is possible to inject malicious JavaScript code into a URL by adding a script in a parameter. This vulnerability was found in the fmDNS module. The parameter that is vulnerable to an XSS attack is log_search_query. This vulnerability is fixed in 6.0.4.
AnalysisAI
FacileManager versions prior to 6.0.4 contain a reflected cross-site scripting vulnerability in the fmDNS module's log_search_query parameter that allows authenticated attackers to inject malicious JavaScript through crafted URLs. An attacker with login credentials can exploit this to execute arbitrary scripts in users' browsers, potentially compromising sensitive administrative data or session tokens. No patch is currently available for affected deployments.
Technical ContextAI
This vulnerability (CWE-79: Cross-site Scripting (XSS)) exists in the fmDNS component. facileManager is a modular suite of web apps built with the sysadmin in mind. Prior to 6.0.4 , a reflected XSS occurs when an application receives data from an untrusted source and uses it in its HTTP responses in a way that could lead to vulnerabilities. It is possible to inject malicious JavaScript code into a URL by adding a script in a parameter. This vulnerability was found in the fmDNS module. The parameter that is vulnerable to an XSS attack is log_search_query. This vulnerability is fixe
RemediationAI
Fixed in version 6.0.4.. Implement output encoding and Content Security Policy headers. Restrict network access to the affected service where possible.
More in Facilemanager
View allfacileManager is a modular suite of web apps built with the sysadmin in mind. Rated high severity (CVSS 8.8), this vulne
facileManager is a modular suite of web apps built with the sysadmin in mind. Rated medium severity (CVSS 6.5), this vul
facileManager is a modular suite of web apps built with the sysadmin in mind. Rated medium severity (CVSS 5.4), this vul
facileManager is a modular suite of web apps built with the sysadmin in mind. versions up to 6.0.4 is affected by cross-
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today