Cross Site Scripting Vulnerability in RafyMrX Toko-Online-Roti Software
CVE-2026-38940

6.1MEDIUM

Key Information:

Vendor

RafyMrX

Vendor
CVE Published:
30 April 2026

What is CVE-2026-38940?

A Cross Site Scripting (XSS) vulnerability found in version 1.0 of RafyMrX Toko-Online-Roti enables remote attackers to execute arbitrary scripts by manipulating the detail_produk.php component. This could lead to various security issues, including unauthorized access to sensitive information or the injection of malicious payloads, potentially compromising user sessions and data integrity.

References

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.