
Shopizer CVE-2026-36766

EUVD-2026-26406 | MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2026-04-30 mitre
CVSS 3.1: 5.4

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed
Confidentiality: Low
Integrity: Low
Availability: None

Lifecycle Timeline (5 events)

Apr 30, 2026 - 20:30 (vuln.today): Analysis Generated
Apr 30, 2026 - 19:22 (NVD): CVSS changed, 5.4 (MEDIUM)
Apr 30, 2026 - 18:15 (euvd): EUVD ID Assigned, EUVD-2026-26406
Apr 30, 2026 - 18:15 (vuln.today): Analysis Generated
Apr 30, 2026 - 00:00 (nvd): CVE Published, MEDIUM 5.4

Description (NVD)

Multiple authenticated cross-site scripting (XSS) vulnerabilities in the XssHttpServletRequestWrapper class of shopizer v3.2.5 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the getInputStream() or getReader() functions.

Analysis (AI)

Authenticated cross-site scripting (XSS) vulnerabilities in Shopizer v3.2.5's XssHttpServletRequestWrapper class allow authenticated attackers to execute arbitrary web scripts or HTML by injecting crafted payloads into the getInputStream() or getReader() functions. The vulnerability requires user interaction (UI:R) and authenticated access (PR:L), limiting exploitation to logged-in users who can be socially engineered into clicking malicious links or submitting forms. …
