Typemill

1 CVE (product)

CVE-2026-24127 MEDIUM POC PATCH This Month

Reflected XSS in Typemill's login error page allows unauthenticated attackers to inject malicious scripts by crafting requests with specially formatted usernames, since the username parameter lacks proper encoding when displayed after failed authentication attempts. Typemill versions 2.19.1 and below are affected, and public exploit code exists for this vulnerability. Version 2.19.2 contains the fix.

XSS, Typemill
NVD, GitHub
CVSS 3.1: 5.4
EPSS: 0.1%
