← Zuruck zu CVEs
CVE-2026-1008
HIGH7.6
Beschreibung
A stored cross-site scripting (XSS) vulnerability exists in the user profile text fields of Altium 365. Insufficient server-side input sanitization allows authenticated users to inject arbitrary HTML and JavaScript payloads using whitespace-based attribute parsing bypass techniques. The injected payload is persisted and executed when other users view the affected profile page, potentially allowing session token theft, phishing attacks, or malicious redirects. Exploitation requires an authenticated account and user interaction to view the crafted profile.
CVE Details
CVSS v3.1 Bewertung7.6
SchweregradHIGH
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienLOW
BenutzerinteraktionREQUIRED
Veroffentlicht1/15/2026
Zuletzt geandert1/23/2026
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
altium:altium_live
Schwachen (CWE)
CWE-79
Referenzen
https://www.altium.com/platform/security-compliance/security-advisories(4760f414-e1ae-4ff1-bdad-c7a9c3538b79)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.