CVE-2026-44264
4.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Summary
Weblate is a web based localization tool. Prior to version 5.17.1, the Markdown renderer used in user comments and other user-provided content didn't properly sanitize some attributes. This issue has been patched in version 5.17.1.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| WeblateOrg | weblate | < 5.17.1 | affected |
Weaknesses
- CWE-80: CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://github.com/WeblateOrg/weblate/security/advisories/GHSA-5cmv-3rc4-7279
- https://github.com/WeblateOrg/weblate/pull/19259
- https://github.com/WeblateOrg/weblate/commit/85abc9df88b7464f4c0e794aef752e45f4230f75
- https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.17.1
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.