Cross-Site Scripting Vulnerability in Movary Web Application
CVE-2026-23841
9.3CRITICAL
What is CVE-2026-23841?
Movary, a web application designed for tracking and rating movie watch history, suffers from an input validation issue that allows attackers to inject and execute malicious cross-site scripting (XSS) payloads. This vulnerability affects versions prior to 0.70.0, specifically in the parameter ?categoryCreated=. Users are advised to upgrade to version 0.70.0 or consolidate their input validation measures to mitigate the risks associated with potential XSS attacks.
Affected Version(s)
movary < 0.70.0