Vulnerability Description
A weakness has been identified in PbootCMS up to 3.2.12. This impacts the function alert_location of the file apps/home/controller/MemberController.php of the component Parameter Handler. This manipulation of the argument backurl causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks.
CVSS Score
MEDIUM
Related Weaknesses (CWE)
References
- https://github.com/zzj-create/cvetest/blob/main/VULN-05_BACKURL_OPEN_REDIRECT_XS
- https://vuldb.com/?ctiid.352076
- https://vuldb.com/?id.352076
- https://vuldb.com/?submit.773904
FAQ
What is CVE-2026-4510?
CVE-2026-4510 is a vulnerability with a CVSS score of 4.3 (MEDIUM). A weakness has been identified in PbootCMS up to 3.2.12. This impacts the function alert_location of the file apps/home/controller/MemberController.php of the component Parameter Handler. This manipul...
How severe is CVE-2026-4510?
CVE-2026-4510 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-4510?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.