CVE-2026-44960
UnknownCVSS 0.0Exploitation Probability (EPSS)
Low risk22th percentile - higher than 22% of all known CVEs
Summary
CVE-2026-44960 involves a stored XSS that can be exploited by leveraging usernames as an attack vector. When an admin user viewed the audit log details for affected entries, any malicious JavaScript payload embedded in the username would be executed due to missing output sanitisation.
Risk Assessment
The organization is exposed to XSS attacks that could lead to data theft or compromise of admin accounts. The execution of malicious code may threaten the integrity of the system and data.
Recommendation
It is recommended to implement proper output sanitisation and escaping in the audit log details to prevent the execution of malicious code. An audit of existing usernames for potential threats should also be conducted.
Original NVD description (English source)
A stored XSS can be exploited by leveraging the usernames as an attack vector. When an admin user viewed the audit log details for affected entries, any malicious JavaScript payload embedded in the username would be executed due to missing output sanitisation. Proper escaping has been added to the audit log details output.

