5.1

CVE-2026-42371

ProjeQtor < 12.4.4 Stored XSS via checkValidFileName()

uriparser before 1.0.1 has numeric truncation in text range comparison, if an application accepts URIs with a length in gigabytes.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Uriparser ProjectUriparser Version < 1.0.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.17% 0.068
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.1 1.4 3.6
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
cve@mitre.org 5.1 1.4 3.6
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-197 Numeric Truncation Error

Truncation errors occur when a primitive is cast to a primitive of a smaller size and data is lost in the conversion.

https://github.com/uriparser/uriparser/pull/298
Patch
Issue Tracking
https://uriparser.github.io
Product
http://www.openwall.com/lists/oss-security/2026/04/27/2
Third Party Advisory
Mailing List