Mercator

1 CVE (product)


CVE-2026-27639 MEDIUM PATCH This Month

Stored XSS in Mercator prior to version 2026.02.22 allows authenticated users to execute arbitrary JavaScript in other users' browsers by injecting malicious payloads into entity fields like contact points. The vulnerability exploits improperly escaped Blade template directives, enabling attackers to compromise administrator accounts and perform actions with their privileges. A patch is available in version 2026.02.22.

XSS Mercator
NVD GitHub
CVSS 3.1: 5.4
EPSS: 0.0%
