Stored XSS Vulnerability in OKRs & Goals by Twiser Informatics Technology Consulting
CVE-2026-5005

5.4MEDIUM

What is CVE-2026-5005?

A vulnerability in the OKRs & Goals application from Twiser Informatics Technology Consulting allows for stored cross-site scripting (XSS) attacks. This occurs due to improper handling of input that enables malicious users to inject scripts within the application. If exploited, this can lead to unauthorized access and potential data breaches. The vulnerability affects versions of the product from 28220 to 28397, making it critical for users to apply security measures or patches to mitigate the risks associated with this issue.

Affected Version(s)

OKRs & Goals 28220 < 28398

References

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Yunus KARA
.