Reflected Cross-Site Scripting Vulnerability in Vvveb CMS by Givanz
CVE-2026-45622

5.3MEDIUM

Key Information:

Vendor: Givanz
Status: Vvveb
Vendor: CVE Published:; 15 May 2026

What is CVE-2026-45622?

Vvveb CMS, a user-friendly content management system with integrated page building capabilities, is susceptible to an unauthenticated reflected cross-site scripting (XSS) vulnerability. This issue occurs in the public product return form, where the customer_order_id POST parameter is improperly handled. If an order lookup fails, the error message generated incorporates this parameter directly into the frontend without proper HTML escaping. Consequently, this flaw allows attackers to inject and execute arbitrary HTML or JavaScript in the browser of the submitting user. It poses significant risks such as unauthorized access and data manipulation. This vulnerability was addressed in version 1.0.8.3 of Vvveb CMS.

Affected Version(s)

Vvveb < 1.0.8.3

References

https://github.com/givanz/Vvveb/security/advisories/GHSA-...

x_refsource_CONFIRM

CVSS V4

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 15, 2026
Vulnerability Reserved
May 12, 2026

CVE-2026-45622 Data

JSON