πŸ›‘οΈ CVE-2026-1437
🟑 CVSS 6.1 β€” Medium βœ… No Known Exploit CWE-79 NVD
6.1
CVSS Score
0 Low4 Medium7 High9 Critical10

Description

Reflected Cross-Site Scripting (XSS) vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in HTML output. Several endpoints include segments of the URL directly in the response without applying output encoding, allowing an attacker to inject and execute arbitrary JavaScript code when a user visits a specially crafted URL. Exploitation of this vulnerability may allow script execution in the victim's browser and limited manipulation of the affected user's session context, through theΒ '/system/authentication/users/edit/' endpoint.

Details

Severity MEDIUM
CVSS Score 6.1
CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CWE CWE-79
Public Exploit βœ… No
Source NVD
Published 2026-02-18
Updated 2026-06-02
Modified 2026-02-18
Fix URL N/A

Affected Packages

Software From version Fixed in
graylog β€” β€”

Similar Threats

Free Vulnerability Check

Is your WordPress site affected?

BotEraser helps you identify potentially vulnerable plugins and themes by checking your installation against known CVE records.

Scan My Site Free β†’

No credit card required  Β·  Results in minutes

ⓘ Data Notice: The information presented above has been compiled from publicly available internet sources. Boteraser aggregates this data solely for informational purposes and does not independently classify, evaluate, or endorse any findings about the vulnerabilities listed. The accuracy and completeness of this information is the sole responsibility of the original publishers. Boteraser and its operators accept no liability for any decisions made based on this data.