Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.1
PideTuCita: Malicious Links Can Steal User Data
CVE-2025-40986
Summary
A security issue in PideTuCita allows hackers to send fake URLs that can steal sensitive user information, such as login credentials. This can happen when a user clicks on a malicious link. Update PideTuCita to the latest version to fix this issue.
Original title
Reflected Cross-Site Scripting (XSS) vulnerability in PideTuCita. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending him/her a malicious URL using t...
Original description
Reflected Cross-Site Scripting (XSS) vulnerability in PideTuCita. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending him/her a malicious URL using the endpoint 'cookies/indes.php/<XSS>'. This vulnerability can be exploited to steal confidential user data, such as session cookies or to perform actions on behalf of the user.
nvd CVSS4.0
5.1
Vulnerability type
CWE-79
Cross-site Scripting (XSS)
Published: 23 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026