Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
4.8
Xingfuggz BaykeShop: Cross-Site Scripting in Sidebar Template
CVE-2026-3041
Summary
A security flaw exists in the sidebar template of Xingfuggz BaykeShop, allowing an attacker to inject malicious code into a website. This could lead to unauthorized actions being performed on the site. Update BaykeShop immediately to the latest version to prevent exploitation.
Original title
A security vulnerability has been detected in xingfuggz BaykeShop up to 1.3.20. Impacted is an unknown function of the file src/baykeshop/contrib/article/templates/baykeshop/sidebar/custom.html of ...
Original description
A security vulnerability has been detected in xingfuggz BaykeShop up to 1.3.20. Impacted is an unknown function of the file src/baykeshop/contrib/article/templates/baykeshop/sidebar/custom.html of the component Article Sidebar Module. Such manipulation of the argument sidebar.content leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.
nvd CVSS2.0
3.3
nvd CVSS3.1
2.4
nvd CVSS4.0
4.8
Vulnerability type
CWE-79
Cross-site Scripting (XSS)
CWE-94
Code Injection
Published: 23 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026