CVE-2026-30082 - Vulnerability Analysis
Medium | CVSS: 6.1 | Last Updated: April 1, 2026
IngEstate Server - Stored XSS
Published: March 30, 2026 | Updated: April 1, 2026 | PoC Available | Remote Exploitable
Overview
IngEstate Server v11.14.0 contains stored XSS vulnerabilities caused by improper sanitization in the Edit feature of the Software Package List page. Attackers can execute arbitrary scripts via crafted payloads in the "About application", "What's news", or "Release note" parameters.
Severity & Score
Severity: Medium
CVSS Score: 6.1
Impact
Attackers can execute arbitrary scripts in users' browsers, potentially stealing session data or performing actions on behalf of users.
Mitigation
Update to the latest version of IngEstate Server.
Details
- CVE ID: CVE-2026-30082
- Severity: Medium
- CVSS Score: 6.1
- Type: stored_xss
- Status: unconfirmed
CWE
- CWE-79
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N