Cross-Site Scripting Vulnerability in DbGate by DbGate
CVE-2026-6216

5.1 MEDIUM

Key Information:

Vendor

DbGate

Status
Vendor
CVE Published:
13 April 2026

What is CVE-2026-6216?

A cross-site scripting (XSS) vulnerability exists in DbGate versions up to 7.1.4, in the SVG icon string handling of the FontIcon.svelte component. An attacker who can manipulate the applicationIcon argument can trigger cross-site scripting, and the attack can be carried out remotely. Upgrading to version 7.1.5 addresses this vulnerability.

Affected Version(s)

DbGate 7.1.0

DbGate 7.1.1

DbGate 7.1.2

References

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

ngocnn97 (VulDB User)