Home / Vulnerability Intelligence / CVE-2026-30082

CVE-2026-30082 - Vulnerability Analysis

N/a

Last Updated: March 30, 2026

IngEstate Server - Stored XSS

Published: March 30, 2026Updated: March 30, 2026PoC Available

Overview

IngEstate Server v11.14.0 contains stored XSS vulnerabilities caused by improper sanitization in the Edit feature of the Software Package List page, letting attackers execute arbitrary scripts via crafted payloads in About application, What's news, or Release note parameters.

Severity & Score

Severity: N/a

Impact

Attackers can execute arbitrary scripts in users' browsers, potentially stealing session data or performing actions on behalf of users.

Mitigation

Update to the latest version of IngEstate Server.

References

http://ingestate.com
https://github.com/Cr0wld3r/CVE-2026-30082
https://ingenico.com/

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-30082
Severity: N/a
Type: stored_xss
Status: new

CVSS Metrics

N/A