CVE-2026-11434
LowCVSS 2.4Exploitation Probability (EPSS)
Low risk1th percentile — higher than 1% of all known CVEs
Summary
A weakness has been identified in FluentCMS 0.0.5, affecting an unknown function of the file /admin/blocks of the Blocks Plugin component. This manipulation leads to cross-site scripting attacks.
Risk Assessment
An attacker may remotely exploit this vulnerability to carry out attacks, posing a serious threat to the application's security and user data.
Recommendation
It is recommended to update to the latest version of FluentCMS and monitor the application for unauthorized activities.
Original NVD description (English source)
A weakness has been identified in FluentCMS 0.0.5. The impacted element is an unknown function of the file /admin/blocks of the component Blocks Plugin. This manipulation causes cross site scripting. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

