Cross-Site Scripting Vulnerability in Movary Web Application
CVE-2026-23840

9.3 CRITICAL

Key Information:

Vendor: Leepeuker

CVE Published: 19 January 2026

What is CVE-2026-23840?

Movary, a web application for tracking and rating movies, is vulnerable to cross-site scripting (XSS) in versions prior to 0.70.0 because of insufficient input validation. An attacker can inject malicious script through the 'categoryDeleted' parameter. Users should update to version 0.70.0, which resolves this issue.

Affected Version(s)

movary < 0.70.0

CVSS V3.1

Score: 9.3
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved