Cross-Site Scripting Vulnerability in LigeroSmart Affected by Profile Manipulation
CVE-2026-2545
Key Information:
- Vendor
LigeroSmart
- Status
- Vendor
- CVE Published:
- 16 February 2026
Badges
What is CVE-2026-2545?
A cross-site scripting vulnerability has been identified in LigeroSmart, affecting versions up to 6.1.26. This weakness is associated with the file /otrs/index.pl?Action=AgentTicketSearch, where an attacker can manipulate the argument 'Profile' to execute arbitrary JavaScript in the context of the victim's browser. Since this manipulation can be initiated remotely, it poses a significant threat to users who may unknowingly engage with compromised content. The project team has been notified about the issue through an official report, but no response or remediation has been issued at this time, leaving users at risk for potential exploitation.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
LigeroSmart 6.1.0
LigeroSmart 6.1.1
LigeroSmart 6.1.2
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved