Skip to main content

Hotgo

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2026-5253 LOW POC Monitor

Stored cross-site scripting (XSS) in bufanyun HotGo 1.0/2.0 allows authenticated remote attackers to inject malicious scripts via the editNotice endpoint in the MessageList.vue component, affecting the application's message handling functionality. The vulnerability requires user interaction (UI:R) to execute but has publicly available exploit code and a low CVSS score (3.5) due to limited attack complexity and minimal impact scope. The vendor has not responded to early disclosure attempts.

XSS Hotgo
NVD VulDB GitHub
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-5253
EPSS 0% CVSS 2.0
LOW POC Monitor

Stored cross-site scripting (XSS) in bufanyun HotGo 1.0/2.0 allows authenticated remote attackers to inject malicious scripts via the editNotice endpoint in the MessageList.vue component, affecting the application's message handling functionality. The vulnerability requires user interaction (UI:R) to execute but has publicly available exploit code and a low CVSS score (3.5) due to limited attack complexity and minimal impact scope. The vendor has not responded to early disclosure attempts.

XSS Hotgo
NVD VulDB GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy