CVE-2026-1008

EPSS 0.01%
Veröffentlicht 15.01.2026 22:24:16
Zuletzt bearbeitet 23.01.2026 19:34:53
Quelle 4760f414-e1ae-4ff1-bdad-c7a9c3
CVE-Watchlists
Login
Unerledigt
Login

A stored cross-site scripting (XSS) vulnerability exists in the user profile text fields of Altium 365. Insufficient server-side input sanitization allows authenticated users to inject arbitrary HTML and JavaScript payloads using whitespace-based attribute parsing bypass techniques.
The injected payload is persisted and executed when other users view the affected profile page, potentially allowing session token theft, phishing attacks, or malicious redirects. Exploitation requires an authenticated account and user interaction to view the crafted profile.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Altium ≫ Altium Live Version1.2.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.024

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.4	2.3	2.7	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
4760f414-e1ae-4ff1-bdad-c7a9c3538b79	7.6	2.3	4.7	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://www.altium.com/platform/security-compliance/security-advisories

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2026-1008

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-1008

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-1008

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-1008