CVE Catalog

CVE-2026-57325

HighCVSS 7.1
Published: Updated: Translated: NVD NIST

Summary

The vulnerability allows an unauthenticated attacker to inject malicious script (XSS) in NanoMag version 1.8 and earlier. The attack can be performed without authentication, increasing the risk for users.

Risk Assessment

The risk involves potential session theft, redirection to malicious sites, or other actions in the victim's browser context, which may lead to data confidentiality breaches.

Recommendation

It is recommended to immediately update to the latest version of NanoMag that fixes this vulnerability. If an update is not available, apply temporary mitigations such as input filtering.

Original NVD description (English source)

Unauthenticated Cross Site Scripting (XSS) in NanoMag <= 1.8 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS