CVE-2026-40598
MEDIUMLifecycle Timeline
1DescriptionCVE.org
Improper escaping of the redirection page (retrieved from the request's *Referer* header) allows an attacker to inject HTML.
While this is generally not directly actionable as modern browsers will URL-encode special characters, on some specific server configurations this could poison the cache, leading to cross-site scripting.
Impact
Cross-site scripting (XSS).
Patches
- b1ebc57763f104eb5f541b7b4d1ce6948168abd9
Workarounds
None
Credits
Thanks to siunam (Tang Cheuk Hei) for discovering and responsibly reporting the issue.
Analysis
Improper escaping of the redirection page (retrieved from the request's *Referer* header) allows an attacker to inject HTML.
While this is generally not directly actionable as modern browsers will URL-encode special characters, on some specific server configurations this could poison the cache, leading to cross-site scripting.
Impact
Cross-site scripting (XSS).
Patches
- b1ebc57763f104eb5f541b7b4d1ce6948168abd9
Workarounds
None
Credits
Thanks to siunam (Tang Cheuk Hei) for discovering and responsibly reporting the issue.
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today
GHSA-6jh4-47v2-4g37