CVE-2026-36358
MediumCVSS 5.4Exploitation Probability (EPSS)
Low risk10th percentile - higher than 10% of all known CVEs
Summary
A Cross Site Scripting (XSS) vulnerability has been discovered in Juzaweb CMS version 5.0.0. A remote attacker can exploit the Add Banner Ads function to inject a malicious script and execute arbitrary code in the victim's browser.
Risk Assessment
The risk involves potential session hijacking, data theft, or malware distribution through a crafted banner ad displayed to users.
Recommendation
Immediately update Juzaweb CMS to the latest version and implement input filtering and encoding in the Add Banner Ads function.
Original NVD description (English source)
Cross Site Scripting vulnerability in Juzaweb CMS v.5.0.0 allows a remote attacker via execute arbitrary code via a crafted script to the Add Banner Ads function

