216.73.216.190

CVE-2026-45231

· Published 18/05/2026 19:16 · Modified 18/05/2026 19:42

Labels: CVE-2026-45231 2026-05-18CVE-2026-45231CWE-79[email protected]

Essential information

Published
18/05/2026 19:16
Modified
18/05/2026 19:42
Author
Creator
CVSS
5.3 MEDIUM (v3) 5.3 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

DumbAssets through 1.0.11 contains a stored cross-site scripting vulnerability in asset fields including name, description, modelNumber, serialNumber, and tags that are stored without server-side sanitization and rendered using innerHTML without client-side escaping. Attackers can create or update assets with HTML or JavaScript payloads via the asset API endpoints to execute arbitrary scripts in the browsers of users viewing the asset list, and with Content-Security-Policy disabled, the injected scripts can make unrestricted connections to internal network services.

NVD status

Status
Deferred — When a CVE is given this status the NVD does not plan analyze or re-analyze this CVE due to resource or other concerns.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
dumbassets / dumbassets cpe:2.3:a:dumbassets:dumbassets:1.0.11:*:*:*:*:*:*:*

References