Skip to main content

Ffmate

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2026-5254 LOW POC Monitor

Stored cross-site scripting (XSS) in welovemedia FFmate up to version 2.0.15 allows authenticated remote attackers to inject malicious scripts via the Webhook Handler component's AppJsonTreeView.vue file. The vulnerability requires user interaction to trigger payload execution and has been publicly disclosed with exploit code available on GitHub. The vendor has not responded to early disclosure notifications, leaving users without an official patch.

XSS Ffmate
NVD VulDB GitHub
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-5254
EPSS 0% CVSS 2.0
LOW POC Monitor

Stored cross-site scripting (XSS) in welovemedia FFmate up to version 2.0.15 allows authenticated remote attackers to inject malicious scripts via the Webhook Handler component's AppJsonTreeView.vue file. The vulnerability requires user interaction to trigger payload execution and has been publicly disclosed with exploit code available on GitHub. The vendor has not responded to early disclosure notifications, leaving users without an official patch.

XSS Ffmate
NVD VulDB GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy