Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.1
MATCHA SNS versions 1.3.9 and earlier allow malicious scripts to run in user's browser
CVE-2026-27787
Summary
MATCHA SNS users may be at risk of having malicious scripts executed on their web browsers if they visit a compromised website. This could potentially lead to unauthorized actions or data theft. Users should update to a fixed version of MATCHA SNS as soon as possible.
Original title
Cross-site scripting vulnerability exists in MATCHA SNS 1.3.9 and earlier. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the we...
Original description
Cross-site scripting vulnerability exists in MATCHA SNS 1.3.9 and earlier. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product.
nvd CVSS3.0
5.4
nvd CVSS4.0
5.1
Vulnerability type
CWE-79
Cross-site Scripting (XSS)
Published: 8 Apr 2026 · Updated: 8 Apr 2026 · First seen: 8 Apr 2026