
CVE-2026-5252 - Vulnerability Analysis

Severity: Low | CVSS: 3.5

Last Updated: April 1, 2026

z-9527 admin - Stored XSS

Published: April 1, 2026 | Updated: April 1, 2026 | PoC Available | Remote Exploitable

Overview

z-9527 admin 1.0/2.0 contains a stored XSS vulnerability in the Message Create endpoint in /server/routes/message.js. It is caused by input manipulation and lets remote attackers execute scripts. Exploitation requires crafted input.

Severity & Score

Severity: Low
CVSS Score: 3.5

Impact

Remote attackers can execute scripts in users' browsers, potentially stealing data or performing actions on behalf of users.

Mitigation

Update to the latest version or apply vendor patches addressing the XSS vulnerability.

Details

CVE ID: CVE-2026-5252
Severity: Low
CVSS Score: 3.5
Type: stored_xss
Status: new

CWE

  • CWE-79

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N