1. Home
  2. CVE Database
  3. CVE-2026-1008
HIGH · 7.6

CVE-2026-1008

A stored cross-site scripting (XSS) vulnerability exists in the user profile text fields of Altium 365. Insufficient server-side input sanitization allows authenticated users to inject arbitrary HTML ...

Vulnerability Description

A stored cross-site scripting (XSS) vulnerability exists in the user profile text fields of Altium 365. Insufficient server-side input sanitization allows authenticated users to inject arbitrary HTML and JavaScript payloads using whitespace-based attribute parsing bypass techniques. The injected payload is persisted and executed when other users view the affected profile page, potentially allowing session token theft, phishing attacks, or malicious redirects. Exploitation requires an authenticated account and user interaction to view the crafted profile.

CVSS Score

7.6

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality
HIGH
Integrity
LOW
Availability
NONE

Affected Products

VendorProductVersions
AltiumAltium Live1.2.2

Related Weaknesses (CWE)

CWE-79

References

FAQ

What is CVE-2026-1008?

CVE-2026-1008 is a vulnerability with a CVSS score of 7.6 (HIGH). A stored cross-site scripting (XSS) vulnerability exists in the user profile text fields of Altium 365. Insufficient server-side input sanitization allows authenticated users to inject arbitrary HTML ...

How severe is CVE-2026-1008?

CVE-2026-1008 has been rated HIGH with a CVSS base score of 7.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2026-1008?

Check the references section above for vendor advisories and patch information. Affected products include: Altium Altium Live.