What is the CVSS score of CVE-2026-38947?

CVE-2026-38947 has a CVSS 3.1 base score of 6.1 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N. EPSS exploitation probability: 0.0%.

FluentCMS CVE-2026-38947

EUVD-2026-27474 MEDIUM

Cross-site Scripting (XSS) (CWE-79)

2026-05-05 mitre

XSS N A

6.1

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

Lifecycle Timeline

Analysis Generated

May 06, 2026 - 16:22 vuln.today

CVSS changed

May 06, 2026 - 16:22 NVD

6.1 (MEDIUM)

DescriptionNVD

FluentCMS 1.2.3 is vulnerable to Cross Site Scripting (XSS) in TextHTML plugin.

AnalysisAI

Reflected cross-site scripting (XSS) in FluentCMS 1.2.3 TextHTML plugin allows unauthenticated remote attackers to inject malicious scripts into web pages viewed by other users via specially crafted requests. The vulnerability requires user interaction (clicking a malicious link) and affects confidentiality and integrity with a CVSS score of 6.1, but is not currently exploited in the wild and carries negligible exploitation probability per EPSS.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-38947 vulnerability details – vuln.today

Back