Stored Cross-Site Scripting Vulnerability in SpringBlade from Chillzhuang
CVE-2026-36763
6.1 MEDIUM
What is CVE-2026-36763?
SpringBlade version 4.8.0 contains a stored cross-site scripting (XSS) vulnerability caused by improper handling of user input in the /api/blade-desk/notice/submit endpoint. An attacker can submit crafted input that, when processed by the application, results in the execution of arbitrary web scripts or HTML. This exposes users to data theft, session hijacking, and other malicious activity.
