CVE Catalog

CVE-2026-30082

MediumCVSS 6.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.19%

9th percentile - higher than 9% of all known CVEs

Summary

Multiple stored cross-site scripting (XSS) vulnerabilities were found in the Edit feature of the Software Package List page in IngEstate Server v11.14.0. Attackers can inject malicious payloads into the About application, What's news, or Release note parameters, leading to arbitrary script or HTML execution.

Risk Assessment

The risk includes potential session hijacking, data theft, or malware distribution within the organization when crafted content is displayed to other administrators.

Recommendation

Immediately update IngEstate Server to the latest version and implement input filtering and encoding for the About application, What's news, and Release note parameters.

Original NVD description (English source)

Multiple stored cross-site scripting (XSS) vulnerabilities in the Edit feature of the Software Package List page of IngEstate Server v11.14.0 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the About application, What's news, or Release note parameters.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS