Skip to main content

Contact Manager

1 CVEs product

Monthly

CVE-2026-32517 HIGH This Week

A Reflected Cross-Site Scripting (XSS) vulnerability exists in Kleor Contact Manager through version 9.1, allowing attackers to inject malicious scripts into web pages viewed by users. The vulnerability affects the Contact Manager plugin and can be exploited via reflected XSS attacks where user input is improperly neutralized during web page generation. An attacker can craft a malicious URL containing JavaScript payloads that execute in the victim's browser, potentially leading to session hijacking, credential theft, or malware distribution. No CVSS score, EPSS data, or active KEV status is currently available; however, the confirmed presence of the vulnerability through Patchstack indicates a legitimate security concern requiring immediate attention.

XSS Contact Manager
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
EPSS 0% CVSS 7.1
HIGH This Week

A Reflected Cross-Site Scripting (XSS) vulnerability exists in Kleor Contact Manager through version 9.1, allowing attackers to inject malicious scripts into web pages viewed by users. The vulnerability affects the Contact Manager plugin and can be exploited via reflected XSS attacks where user input is improperly neutralized during web page generation. An attacker can craft a malicious URL containing JavaScript payloads that execute in the victim's browser, potentially leading to session hijacking, credential theft, or malware distribution. No CVSS score, EPSS data, or active KEV status is currently available; however, the confirmed presence of the vulnerability through Patchstack indicates a legitimate security concern requiring immediate attention.

XSS Contact Manager
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy