Stored Cross-Site Scripting Vulnerability in SpringBlade from Chillzhuang
CVE-2026-36763

6.1MEDIUM

Key Information:

Vendor
CVE Published:
30 April 2026

What is CVE-2026-36763?

SpringBlade version 4.8.0 contains a stored cross-site scripting (XSS) vulnerability that arises from improper handling of user input within the /api/blade-desk/notice/submit endpoint. This flaw allows attackers to craft malicious input that, when processed by the application, can lead to the execution of arbitrary web scripts or HTML. As a result, this vulnerability poses significant risks to users, enabling potential data theft, session hijacking, and other malicious activities.

References

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.