exploitDog

CVE-2026-24127

Опубликовано: 23 янв. 2026

Источник: nvd

CVSS3: 5.4

CVSS3: 6.1

EPSS Низкий

Описание

Typemill is a flat-file, Markdown-based CMS designed for informational documentation websites. A reflected Cross-Site Scripting (XSS) exists in the login error view template login.twig of versions 2.19.1 and below. The username value can be echoed back without proper contextual encoding when authentication fails. An attacker can execute script in the login page context. This issue has been fixed in version 2.19.2.

Ссылки

https://github.com/typemill/typemill/commit/b506acd11e80fb9c8db5fa6c2c8ad73580b4e88c
Patch
https://github.com/typemill/typemill/releases/tag/v2.19.2
Product
Release Notes
https://github.com/typemill/typemill/security/advisories/GHSA-65x4-pjhj-r8wr
Third Party Advisory
Exploit

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:typemill:typemill:*:*:*:*:*:*:*:*

Версия до 2.19.2 (исключая)

EPSS

Процентиль: 17%

0.00055

Низкий

5.4 Medium

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-79

CWE-79

EPSS

Процентиль: 17%

0.00055

Низкий

5.4 Medium

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-79

CWE-79