MajorDoMo: Malicious Code Can Be Injected into Web Pages
CVE-2026-27176
Summary
The MajorDoMo software contains a security flaw that lets attackers inject malicious code onto web pages. This could allow hackers to take control of user sessions or steal sensitive information. Update to the latest version of MajorDoMo to fix this issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| mjdm | majordomo | All versions | – |
Original title
MajorDoMo (aka Major Domestic Module) contains a reflected cross-site scripting (XSS) vulnerability in command.php. The $qry parameter is rendered directly into the HTML page without sanitization v...
Original description
MajorDoMo (aka Major Domestic Module) contains a reflected cross-site scripting (XSS) vulnerability in command.php. The $qry parameter is rendered directly into the HTML page without sanitization via htmlspecialchars(), both in an input field value attribute and in a paragraph element. An attacker can inject arbitrary JavaScript by crafting a URL with malicious content in the qry parameter.
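The pattern described above, next to an output-encoded version, as an added example. This is not MajorDoMo's command.php and not the project's fix; the function names and the sample input are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// "Before": the value reaches an attribute and a paragraph with no encoding,
// as the description states. Kept only for comparison with render_safe().
function render_unsafe(string $qry): string
{
    return '<input type="text" name="qry" value="' . $qry . '">'
         . '<p>' . $qry . '</p>';
}

// Encode at the point of output. ENT_QUOTES covers both quote characters,
// which the value="" context needs; ENT_SUBSTITUTE stops invalid UTF-8 from
// collapsing the whole string to ''.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function render_safe(string $qry): string
{
    return '<input type="text" name="qry" value="' . h($qry) . '">'
         . '<p>' . h($qry) . '</p>';
}

// Request parameters can arrive as arrays (qry[]=...); accept strings only.
function read_qry(array $get): string
{
    $v = $get['qry'] ?? '';
    return is_string($v) ? $v : '';
}

// Regression check: the template itself contains three '<' characters
// (<input, <p, </p). Any more than that means input was parsed as markup.
function tag_openers(string $html): int
{
    return substr_count($html, '<');
}

// Constructed, inert sample standing in for $_GET.
$sample = read_qry(['qry' => 'lights on" data-x="1"><i>probe</i>']);
printf("unsafe: %d '<' characters\n", tag_openers(render_unsafe($sample)));
printf("safe:   %d '<' characters\n", tag_openers(render_safe($sample)));
echo render_safe($sample), "\n";
```

The same `tag_openers()` comparison can be kept as a unit test around any template that echoes request values, so a dropped encoding call fails the build.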
CVSS scores
- NVD CVSS 3.1: 6.1
- NVD CVSS 4.0: 5.1
Vulnerability type
CWE-79: Cross-site Scripting (XSS)
References
- https://chocapikk.com/posts/2026/majordomo-revisited/ Third Party Advisory Exploit
- https://github.com/sergejey/majordomo/pull/1177 Issue Tracking Exploit
- https://www.vulncheck.com/advisories/majordomo-reflected-cross-site-scripting-in... Third Party Advisory
Published: 18 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026