Cross-Site Scripting Vulnerability in ValeApp by OceanicSoft Informatics Systems Ltd
CVE-2026-2342

9.3CRITICAL

What is CVE-2026-2342?

A cross-site scripting vulnerability exists in ValeApp, developed by OceanicSoft Informatics Systems Ltd. This flaw arises from improper handling of user input, allowing an attacker to inject and store malicious scripts in the application. When untrusted users view the affected web pages, these scripts are executed in their browsers, potentially leading to unauthorized actions or data theft. The issue is particularly concerning as the vendor has not responded to disclosure efforts, thereby leaving users at risk. Users are advised to review their application's input validation procedures and implement necessary patches as they become available.

Affected Version(s)

ValeApp 0 <= 09072026

References

CVSS V3.1

Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Sadık ÇİDEM
.