Planmanager

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest

CVE-2026-1469 MEDIUM This Month

Stored XSS in RLE NOVA PlanManager allows authenticated users to inject malicious scripts via the comment and brand parameters, which are executed in other users' browsers without sanitization. An attacker can leverage this to hijack sessions, steal credentials, or perform unauthorized actions on behalf of victims. Exploitation requires user interaction and network access, with no patch currently available.

PHP XSS Planmanager

NVD

CVSS 3.1

5.4

EPSS

0.0%

CVE-2026-1469

EPSS 0% CVSS 5.4

MEDIUM This Month

Stored XSS in RLE NOVA PlanManager allows authenticated users to inject malicious scripts via the comment and brand parameters, which are executed in other users' browsers without sanitization. An attacker can leverage this to hijack sessions, steal credentials, or perform unauthorized actions on behalf of victims. Exploitation requires user interaction and network access, with no patch currently available.

PHP XSS Planmanager

NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy