CVE-2026-3041

Summary

A security vulnerability has been detected in xingfuggz BaykeShop up to 1.3.20. Impacted is an unknown function of the file src/baykeshop/contrib/article/templates/baykeshop/sidebar/custom.html of the component Article Sidebar Module. Such manipulation of the argument sidebar.content leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Affected Software

VendorProductVersion RangeStatus
xingfuggzBaykeShop1.3.0affected
xingfuggzBaykeShop1.3.1affected
xingfuggzBaykeShop1.3.2affected
xingfuggzBaykeShop1.3.3affected
xingfuggzBaykeShop1.3.4affected
xingfuggzBaykeShop1.3.5affected
xingfuggzBaykeShop1.3.6affected
xingfuggzBaykeShop1.3.7affected
xingfuggzBaykeShop1.3.8affected
xingfuggzBaykeShop1.3.9affected
xingfuggzBaykeShop1.3.10affected
xingfuggzBaykeShop1.3.11affected
xingfuggzBaykeShop1.3.12affected
xingfuggzBaykeShop1.3.13affected
xingfuggzBaykeShop1.3.14affected
xingfuggzBaykeShop1.3.15affected
xingfuggzBaykeShop1.3.16affected
xingfuggzBaykeShop1.3.17affected
xingfuggzBaykeShop1.3.18affected
xingfuggzBaykeShop1.3.19affected
xingfuggzBaykeShop1.3.20affected

Weaknesses

  • CWE-79: Cross Site Scripting
  • CWE-94: Code Injection

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References