Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
VK All in One Expansion Unit allows hackers to inject malicious code
CVE-2026-39483
Summary
A security issue in VK All in One Expansion Unit allows hackers to inject malicious code into the website, which can cause problems for users. This issue affects all versions of VK All in One Expansion Unit up to 9.113.3. To fix this, update to a newer version of the software.
Original title
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hidekazu Ishikawa VK All in One Expansion Unit vk-all-in-one-expansion-unit allows Stored XSS.T...
Original description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hidekazu Ishikawa VK All in One Expansion Unit vk-all-in-one-expansion-unit allows Stored XSS.This issue affects VK All in One Expansion Unit: from n/a through <= 9.113.3.
Vulnerability type
CWE-79
Cross-site Scripting (XSS)
Published: 8 Apr 2026 · Updated: 9 Apr 2026 · First seen: 8 Apr 2026