Cross Site Scripting in SourceCodester API Key Manager App
CVE-2026-0580

5.1MEDIUM

Key Information:

Vendor

Sourcecodester
Status
Api Key Manager App
Vendor
CVE Published:
5 January 2026

What is CVE-2026-0580?

A vulnerability exists in the SourceCodester API Key Manager App 1.0 that allows attackers to exploit an unknown functionality of the Import Key Handler component. This can lead to cross site scripting (XSS) attacks, enabling remote manipulation and potentially compromising user data. Given the nature of XSS, the vulnerability allows for malicious scripts to run in the context of users interacting with the application, posing significant security risks.

Affected Version(s)

API Key Manager App 1.0

References

https://vuldb.com/?id.339472
vdb-entry
https://vuldb.com/?ctiid.339472
signaturepermissions-required
https://vuldb.com/?submit.731146
third-party-advisory

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Kamran Saifullah (VulDB User)
JSON
.