Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.3
elecV2P 3.8.3 Allows Remote Code Injection
CVE-2026-3955
Summary
A security flaw in elecV2P's JavaScript file processing allows hackers to inject malicious code remotely, which could compromise your system. This issue has been publicly disclosed, so it's essential to update your elecV2P software to the latest version to prevent potential attacks. Consider reaching out to the project developers to inform them of the issue if you haven't already.
Original title
A security vulnerability has been detected in elecV2P up to 3.8.3. Affected by this issue is the function runJSFile of the file source-code/elecV2P-master/webser/wbjs.js of the component jsfile End...
Original description
A security vulnerability has been detected in elecV2P up to 3.8.3. Affected by this issue is the function runJSFile of the file source-code/elecV2P-master/webser/wbjs.js of the component jsfile Endpoint. Such manipulation leads to code injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.
nvd CVSS2.0
6.5
nvd CVSS3.1
6.3
nvd CVSS4.0
5.3
Vulnerability type
CWE-74
Injection
CWE-94
Code Injection
Published: 11 Mar 2026 · Updated: 13 Mar 2026 · First seen: 11 Mar 2026