CVE Catalog

CVE-2026-42738

High
Published: Translated: NVD NIST

Summary

CVE-2026-42738 describes an improper neutralization of input during web page generation, leading to Stored XSS vulnerabilities in the ZAYTECH Smart Online Order for Clover application. This issue affects versions from n/a through 1.6.0.

Risk Assessment

An attacker could exploit this vulnerability to inject malicious JavaScript code, potentially leading to user data theft or session hijacking. This poses a significant threat to data security within the organization.

Recommendation

It is recommended to update the ZAYTECH Smart Online Order application to the latest version to mitigate this vulnerability. Additionally, implementing security mechanisms against XSS attacks is advisable.

Original NVD description (English source)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZAYTECH Smart Online Order for Clover clover-online-orders allows Stored XSS.This issue affects Smart Online Order for Clover: from n/a through <= 1.6.0.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS