CVE Catalog
CVE-2026-50876
MediumCVSS 5.4Exploitation Probability (EPSS)
Low risk0.15%
4th percentile — higher than 4% of all known CVEs
Summary
A cross-site scripting (XSS) vulnerability in Deck9 Input v2.0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
Risk Assessment
This vulnerability could lead to user data theft or session hijacking, posing a serious security threat to the application.
Recommendation
It is recommended to update Deck9 Input to the latest version to mitigate this vulnerability and implement appropriate protections against XSS attacks.
Original NVD description (English source)
A cross-site scripting (XSS) vulnerability in Deck9 Input v2.0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

