CVE Catalog

CVE-2026-57656

MediumCVSS 5.9
Published: Updated: Translated: NVD NIST

Summary

Cross Site Scripting (XSS) vulnerability in Hester Core versions up to 1.1.8. Allows an attacker to inject malicious JavaScript code into the page, potentially leading to session theft or user redirection.

Risk Assessment

The risk involves the possibility of hijacking an administrator or user session, which may result in unauthorized access to the admin panel and modification of site content.

Recommendation

Immediately update Hester Core to a version later than 1.1.8 where the vulnerability is fixed. If an update is not available, apply temporary mitigations such as input filtering.

Original NVD description (English source)

Author Cross Site Scripting (XSS) in Hester Core <= 1.1.8 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS