Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.3
PbootCMS Cross-Site Scripting Risk Through Malicious Redirects
CVE-2026-4510
Summary
Attackers can inject malicious code into PbootCMS versions up to 3.2.12, potentially taking control of user sessions or stealing sensitive information. This could happen if a user clicks on a malicious link or visits a compromised website. To protect your site, update to the latest version of PbootCMS as soon as possible.
Original title
A weakness has been identified in PbootCMS up to 3.2.12. This impacts the function alert_location of the file apps/home/controller/MemberController.php of the component Parameter Handler. This mani...
Original description
A weakness has been identified in PbootCMS up to 3.2.12. This impacts the function alert_location of the file apps/home/controller/MemberController.php of the component Parameter Handler. This manipulation of the argument backurl causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks.
nvd CVSS2.0
5.0
nvd CVSS3.1
4.3
nvd CVSS4.0
5.3
Vulnerability type
CWE-79
Cross-site Scripting (XSS)
CWE-94
Code Injection
Published: 21 Mar 2026 · Updated: 21 Mar 2026 · First seen: 21 Mar 2026