CVE-2026-1011
- EPSS 0.01%
- Veröffentlicht 15.01.2026 23:08:01
- Zuletzt bearbeitet 23.01.2026 20:26:55
A stored cross-site scripting (XSS) vulnerability exists in the Altium Support Center AddComment endpoint due to missing server-side input sanitization. Although the client interface applies HTML escaping, the backend accepts and stores arbitrary HTM...
CVE-2026-1009
- EPSS 0.02%
- Veröffentlicht 15.01.2026 22:51:32
- Zuletzt bearbeitet 23.01.2026 19:32:23
A stored cross-site scripting (XSS) vulnerability exists in the Altium Forum due to missing server-side input sanitization in forum post content. An authenticated attacker can inject arbitrary JavaScript into forum posts, which is stored and executed...
CVE-2026-1008
- EPSS 0.01%
- Veröffentlicht 15.01.2026 22:24:16
- Zuletzt bearbeitet 23.01.2026 19:34:53
A stored cross-site scripting (XSS) vulnerability exists in the user profile text fields of Altium 365. Insufficient server-side input sanitization allows authenticated users to inject arbitrary HTML and JavaScript payloads using whitespace-based att...