216.73.216.67

CVE-2026-39416

· Published 08/04/2026 21:16 · Modified 08/04/2026 21:26

Labels: CVE-2026-39416 2026-04-08CVE-2026-39416CWE-79[email protected]

Essential information

Published
08/04/2026 21:16
Modified
08/04/2026 21:26
Author
Creator
CVSS
8.5 HIGH (v3) 8.5 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

AIL framework is an open-source platform to collect, crawl, process and analyse unstructured data. Prior to 6.8, a stored cross-site scripting (XSS) vulnerability was identified in the modal item preview functionality. When item content longer than 800 characters was processed, attacker-controlled content was returned without an explicit text/plain content type, allowing the browser to interpret the response as active HTML. This could result in execution of arbitrary JavaScript in the context of an authenticated user viewing a crafted item. This vulnerability is fixed in 6.8.

NVD status

Status
Undergoing Analysis — CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
ail / framework cpe:2.3:a:ail:framework:<6.8:*:*:*:*:*:*:*

References