Reflected XSS Vulnerability in DRIMO CMS by DRIMO
CVE-2026-11772

5.1 MEDIUM

Key Information:

Vendor

Drimo

Status
Vendor
CVE Published:
23 June 2026

What is CVE-2026-11772?

DRIMO CMS is susceptible to a reflected cross-site scripting (XSS) vulnerability through the 'q' parameter of its search functionality. An attacker can craft a malicious URL that, when opened by a victim, executes arbitrary JavaScript in the context of the victim's browser session on the affected site. This could lead to data theft, session hijacking, or other malicious actions performed as the victim. The product is end-of-life and will not receive security updates. To mitigate this vulnerability, it is recommended to remove the 'info.php' file from the installation.
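The following is an added illustration, not code from DRIMO CMS or from the advisory, of the general defect class described above: a search page that reflects the 'q' parameter into HTML without output encoding, beside a hardened version that applies contextual HTML escaping. Where removing the affected file is not immediately possible, this is the standard fix for reflected XSS. It also includes a small defender-side check that flags requests whose 'q' value carries HTML or script markup, suitable for triaging web server logs. The log lines and the `info.php` search path are constructed for the example.

```python
import html
from urllib.parse import urlparse, parse_qs


def render_search_header_unsafe(q: str) -> str:
    """Vulnerable pattern: the user-controlled value is reflected verbatim into HTML."""
    return f"<h2>Results for: {q}</h2>"


def render_search_header_safe(q: str) -> str:
    """Hardened pattern: HTML-escape the value for an HTML text context.

    quote=True also escapes quotes, so the same helper is safe inside
    double-quoted attribute values.
    """
    return f"<h2>Results for: {html.escape(q, quote=True)}</h2>"


def q_from_url(url: str) -> str:
    """Extract the (URL-decoded) 'q' parameter from a request URL, or '' if absent."""
    params = parse_qs(urlparse(url).query, keep_blank_values=True)
    return params.get("q", [""])[0]


# Markers that have no business in a plain search term and indicate HTML/script
# injection attempts; kept deliberately simple and easy to audit.
_SUSPICIOUS_MARKERS = ("<", ">", "javascript:", "onerror=", "onload=")


def looks_like_html_injection(q: str) -> bool:
    """True if the decoded 'q' value contains HTML or script markup."""
    lowered = q.lower()
    return any(marker in lowered for marker in _SUSPICIOUS_MARKERS)


def flag_suspicious_requests(log_lines: list[str]) -> list[str]:
    """Return the request paths from access-log lines whose 'q' parameter looks injected.

    Assumes a common log format where the request target is the second
    space-separated field inside the quoted request (method, target, protocol).
    """
    flagged = []
    for line in log_lines:
        try:
            request = line.split('"')[1]          # e.g. 'GET /info.php?q=... HTTP/1.1'
            target = request.split(" ")[1]
        except IndexError:
            continue                              # malformed line, skip it
        if looks_like_html_injection(q_from_url(target)):
            flagged.append(target)
    return flagged


# Constructed sample log lines for the example (not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [23/Jun/2026:10:00:01 +0000] "GET /info.php?q=laptop HTTP/1.1" 200 512',
    '203.0.113.9 - - [23/Jun/2026:10:00:07 +0000] "GET /info.php?q=%3Cscript%3Ealert%281%29%3C%2Fscript%3E HTTP/1.1" 200 640',
    '203.0.113.7 - - [23/Jun/2026:10:00:09 +0000] "GET /index.php HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    term = "<script>alert(1)</script>"
    print(render_search_header_unsafe(term))   # markup survives: executable in a browser
    print(render_search_header_safe(term))     # markup neutralised: &lt;script&gt;...
    print(flag_suspicious_requests(SAMPLE_LOG))
```

The hardened renderer is correct only for an HTML text or double-quoted attribute context; a value reflected into a JavaScript block or a URL attribute needs the encoding for that context instead. The log check is a triage aid for spotting probing of the affected endpoint, not a substitute for removing the vulnerable file.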

Affected Version(s)

DRIMO CMS versions 0 through 1.0 (inclusive)

References

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Requirements:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Jarosław Przebinda
Marcin Motwicki