Matcha Sns
Monthly
Stored cross-site scripting (XSS) in MATCHA SNS 1.3.9 and earlier allows authenticated users to inject arbitrary scripts that execute in the browsers of other users accessing affected pages, potentially leading to session hijacking, credential theft, or malware distribution. CVSS 5.4 reflects the requirement for user interaction and authenticated access; no public exploit code or active exploitation has been identified at the time of analysis.
Stored cross-site scripting (XSS) in MATCHA SNS 1.3.9 and earlier allows authenticated users to inject arbitrary scripts that execute in the browsers of other users accessing affected pages, potentially leading to session hijacking, credential theft, or malware distribution. CVSS 5.4 reflects the requirement for user interaction and authenticated access; no public exploit code or active exploitation has been identified at the time of analysis.