Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.1
WeRSS we-mp-rss: Cross-Site Scripting in Article Module
CVE-2026-2825
Summary
A security issue in WeRSS we-mp-rss 1.4.8 and earlier allows attackers to inject malicious code into web pages, potentially allowing them to take control of user sessions. This could lead to unauthorized access to user data or actions. Update to the latest version of WeRSS we-mp-rss to fix this issue.
Original title
A vulnerability has been found in rachelos WeRSS we-mp-rss up to 1.4.8. This impacts the function fix_html of the file tools/fix.py of the component Article Module. The manipulation leads to cross ...
Original description
A vulnerability has been found in rachelos WeRSS we-mp-rss up to 1.4.8. This impacts the function fix_html of the file tools/fix.py of the component Article Module. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
nvd CVSS2.0
4.0
nvd CVSS3.1
3.5
nvd CVSS4.0
5.1
Vulnerability type
CWE-79
Cross-site Scripting (XSS)
CWE-94
Code Injection
Published: 20 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026