CVE-2026-9608

Summary

A vulnerability was determined in QianFox FoxCMS up to 1.2.6. The impacted element is an unknown function of the file /Tag/edit of the component Administrator Backend. Executing a manipulation can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.

Affected Software

VendorProductVersion RangeStatus
QianFoxFoxCMS1.2.0affected
QianFoxFoxCMS1.2.1affected
QianFoxFoxCMS1.2.2affected
QianFoxFoxCMS1.2.3affected
QianFoxFoxCMS1.2.4affected
QianFoxFoxCMS1.2.5affected
QianFoxFoxCMS1.2.6affected

Weaknesses

  • CWE-79: Cross Site Scripting
  • CWE-94: Code Injection

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References