CyberRota
← Ana sayfaya dön

CVE-2026-60119

MEDIUM · CVSS 5.4 Public Exploit

Kaynak: NVD + CISA KEV + EPSS · Yayınlanma: 2026-07-14T16:17:04.250 · Çekilme zamanı: 2026-07-14T18:29:30.808837+00:00

CyberRota Yorumu

Detaylı analiz gerekiyor.

Public Exploit Sinyali

Bu CVE için açıklama veya referanslarda public exploit / PoC / GitHub / Metasploit sinyali tespit edildi.

Not: Bu bağlantılar yalnızca güvenlik araştırması ve doğrulama amacıyla listelenmiştir.

CVE
CVE-2026-60119
Severity
MEDIUM
CVSS
5.4
EPSS
Yok
Java

Orijinal NVD Açıklaması

Hi.Events through v1.10.0-beta contains a cross-site scripting vulnerability that allows authenticated attackers with event creation or edit permissions to inject arbitrary HTML and JavaScript by embedding a malicious event title containing the </script> sequence, which is not escaped by JSON.stringify() when embedded in inline script tags. Attackers can craft an event title that breaks out of the script context in the application/ld+json structured data block or server-side rehydrated state, causing the payload to execute in the browser of any user who views the public event page, including unauthenticated visitors and authenticated administrators.