CVE-2026-29048

Medium CVSS: 6.9

HumHub is an Open Source Enterprise Social Network. In version 1.18.0, a cross-site scripting vulnerability was identified in the Button component of version 1.18.0. Due to inconsistent output encoding at several points within the software, malicious scripts could be injected and executed in the context of the user's browser. This issue has been patched in version 1.18.1.

Vendor

Humhub

Product

Humhub

CWE

CWE-79

Yayın Tarihi

2026-03-06 07:16:01

Güncelleme

2026-03-09 21:23:43

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-79 Humhub MEDIUM Humhub 2026

Referanslar

https://github.com/humhub/humhub/commit/bd06ab4c75f6c65295ee3e1ce3643437e8f9d10a https://github.com/humhub/humhub/pull/8039 https://github.com/humhub/humhub/releases/tag/v1.18.1 https://github.com/humhub/humhub/security/advisories/GHSA-qxjh-478x-23gm

Benzer Kayıtlar

Medium

CVE-2026-29052

The Calendar module for HumHub enables users to create one-time or recurring events, manage attendee invitations, and ef…

High

CVE-2025-64442

HumHub is an Open Source Enterprise Social Network. Versions below 1.17.4 have a XSS vulnerability in the Meta-Search fe…

Medium

CVE-2025-54789

Files is a module for managing files inside spaces and user profiles. In versions 0.16.9 and below, the File Move functi…

Critical

CVE-2025-54790

Files is a module for managing files inside spaces and user profiles. In versions 0.16.9 and below, Files does not have…