Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.1
Pixfort Core allows malicious code to run on user's browser
CVE-2026-28072
Summary
The Pixfort Core software does not properly filter user input, which can allow hackers to inject malicious code into web pages. This can lead to unauthorized actions or data theft. Update Pixfort Core to version 3.2.23 or later to fix this issue.
Original title
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PixFort pixfort Core pixfort-core allows Reflected XSS.This issue affects pixfort Core: from n/...
Original description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PixFort pixfort Core pixfort-core allows Reflected XSS.This issue affects pixfort Core: from n/a through <= 3.2.22.
nvd CVSS3.1
7.1
Vulnerability type
CWE-79
Cross-site Scripting (XSS)
Published: 5 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026