Photobooth before 1.0.1 allows hackers to inject malicious code

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

5.3

Photobooth before 1.0.1 allows hackers to inject malicious code

CVE-2026-27020

Summary

Photobooth versions before 1.0.1 are vulnerable to a security risk where hackers can inject malicious code into user input fields. This could allow them to take control of your website or steal user data. Update to version 1.0.1 or later to fix the issue.

Original title

Photobooth prior to 1.0.1 has a cross-site scripting (XSS) vulnerability in user input fields. Malicious users could inject scripts through unvalidated form inputs. This vulnerability is fixed in 1...

Original description

nvd CVSS4.0 5.3

Vulnerability type

CWE-79 Cross-site Scripting (XSS)

https://github.com/lukas12000/photobooth/security/advisories/GHSA-x2m3-43gg-rrgq

Published: 20 Feb 2026 · Updated: 14 Mar 2026 · First seen: 6 Mar 2026