Stored Cross-Site Scripting Vulnerability in Cotonti Product by Cotonti
CVE-2026-55746
7 HIGH
What is CVE-2026-55746?
The Cotonti 1.0.0 application has a vulnerability in its Personal File Storage (PFS) module that allows authenticated users to inject HTML and JavaScript into folder titles. This occurs because the input from the folder title is not properly sanitized or encoded before being stored and displayed. When users view folder listings, malicious scripts can execute in the browsers of anyone accessing public folders, posing significant security risks.
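The flaw class described above, shown as an added example that is not Cotonti's source code: a folder title rendered without output encoding beside the same row with encoding applied for the HTML context. The function names, the folder.php URL, the length limit and the sample title are assumptions made for illustration.

```php
<?php
// Added example: hypothetical folder-listing code, not taken from Cotonti.

const TITLE_MAX_LEN = 64; // assumed limit, for illustration only

// Input side: reject titles that are empty, too long, or carry control characters.
// The title is stored as plain text; encoding is done where it is displayed.
function validate_folder_title(string $title): string
{
    $title = trim($title);
    if ($title === '' || strlen($title) > TITLE_MAX_LEN) {
        throw new InvalidArgumentException('Folder title length is out of range');
    }
    if (preg_match('/[\x00-\x1F\x7F]/', $title)) {
        throw new InvalidArgumentException('Folder title contains control characters');
    }
    return $title;
}

// Weak pattern: the stored title is concatenated into the page as-is, so any
// markup in it is interpreted by every browser that loads the listing.
function render_folder_row_unencoded(int $id, string $title): string
{
    return '<li><a href="folder.php?id=' . $id . '">' . $title . '</a></li>';
}

// Corrected pattern: encode at output. ENT_QUOTES covers both quote styles, so
// the same value is safe in element text and in a quoted attribute;
// ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
function render_folder_row_encoded(int $id, string $title): string
{
    $safe = htmlspecialchars($title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<li><a href="folder.php?id=' . $id . '" title="' . $safe . '">'
        . $safe . '</a></li>';
}

// Constructed sample title containing markup and quotes.
$stored = validate_folder_title('Reports <b>2024</b> "Q1"');
echo render_folder_row_unencoded(7, $stored), PHP_EOL;
echo render_folder_row_encoded(7, $stored), PHP_EOL;
```

In the encoded row the tags and quotes from the title appear as literal text in the listing instead of being parsed as markup.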
Affected Version(s)
Cotonti 1.0.0
CVSS V4
Score: 7
Severity: HIGH
Confidentiality: High
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Saidakbarxon Maxsudxonov (sermikro), Innova Networks
