Specially crafted data can be injected into web pages

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

4.6

Specially crafted data can be injected into web pages

CVE-2026-3862

Summary

This means an attacker can inject malicious code into our web pages, potentially allowing them to steal user data, hijack sessions, or spread malware. To protect our users, we need to ensure our web application properly sanitizes user input to prevent such attacks. We should update our application to validate and filter user input to prevent this kind of attack.

Original title

Cross-site Scripting (XSS) allows an attacker to submit specially crafted data to the application which is returned unaltered in the resulting web page.

Original description

Cross-site Scripting (XSS) allows an attacker to submit specially crafted data to the application which is returned unaltered in the resulting web page.

nvd CVSS4.0 4.6

Vulnerability type

CWE-79 Cross-site Scripting (XSS)

https://support.broadcom.com/web/ecx/support-content-notification/-/external/con...

Published: 10 Mar 2026 · Updated: 13 Mar 2026 · First seen: 11 Mar 2026