{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3041", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-02-23T16:41:31.154Z", "datePublished": "2026-02-23T22:02:10.642Z", "dateUpdated": "2026-02-25T15:38:53.536Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-23T22:02:10.642Z"}, "title": "xingfuggz BaykeShop Article Sidebar custom.html cross site scripting", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-79", "lang": "en", "description": "Cross Site Scripting"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-94", "lang": "en", "description": "Code Injection"}]}], "affected": [{"vendor": "xingfuggz", "product": "BaykeShop", "versions": [{"version": "1.3.0", "status": "affected"}, {"version": "1.3.1", "status": "affected"}, {"version": "1.3.2", "status": "affected"}, {"version": "1.3.3", "status": "affected"}, {"version": "1.3.4", "status": "affected"}, {"version": "1.3.5", "status": "affected"}, {"version": "1.3.6", "status": "affected"}, {"version": "1.3.7", "status": "affected"}, {"version": "1.3.8", "status": "affected"}, {"version": "1.3.9", "status": "affected"}, {"version": "1.3.10", "status": "affected"}, {"version": "1.3.11", "status": "affected"}, {"version": "1.3.12", "status": "affected"}, {"version": "1.3.13", "status": "affected"}, {"version": "1.3.14", "status": "affected"}, {"version": "1.3.15", "status": "affected"}, {"version": "1.3.16", "status": "affected"}, {"version": "1.3.17", "status": "affected"}, {"version": "1.3.18", "status": "affected"}, {"version": "1.3.19", "status": "affected"}, {"version": "1.3.20", "status": "affected"}], "modules": ["Article Sidebar Module"]}], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in xingfuggz BaykeShop up to 1.3.20. Impacted is an unknown function of the file src/baykeshop/contrib/article/templates/baykeshop/sidebar/custom.html of the component Article Sidebar Module. Such manipulation of the argument sidebar.content leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 2.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 2.4, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 3.3, "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-02-23T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-02-23T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-02-23T17:46:39.000Z", "lang": "en", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.347397", "name": "VDB-347397 | xingfuggz BaykeShop Article Sidebar custom.html cross site scripting", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.347397", "name": "VDB-347397 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.757165", "name": "Submit #757165 | xingfuggz baykeShop 1.3.25 Cross Site Scripting", "tags": ["third-party-advisory"]}, {"url": "https://github.com/xingfuggz/baykeShop/issues/1", "tags": ["issue-tracking"]}, {"url": "https://github.com/xingfuggz/baykeShop/issues/1#issue-3931488211", "tags": ["exploit", "issue-tracking"]}, {"url": "https://github.com/xingfuggz/baykeShop/", "tags": ["product"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-25T15:38:07.678173Z", "id": "CVE-2026-3041", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-25T15:38:53.536Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-3041", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-25T15:38:07.678173Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-25T15:38:35.700Z"}}], "cna": {"title": "xingfuggz BaykeShop Article Sidebar custom.html cross site scripting", "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 2.4, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 2.4, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 3.3, "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:ND/RC:UR"}}], "affected": [{"vendor": "xingfuggz", "modules": ["Article Sidebar Module"], "product": "BaykeShop", "versions": [{"status": "affected", "version": "1.3.0"}, {"status": "affected", "version": "1.3.1"}, {"status": "affected", "version": "1.3.2"}, {"status": "affected", "version": "1.3.3"}, {"status": "affected", "version": "1.3.4"}, {"status": "affected", "version": "1.3.5"}, {"status": "affected", "version": "1.3.6"}, {"status": "affected", "version": "1.3.7"}, {"status": "affected", "version": "1.3.8"}, {"status": "affected", "version": "1.3.9"}, {"status": "affected", "version": "1.3.10"}, {"status": "affected", "version": "1.3.11"}, {"status": "affected", "version": "1.3.12"}, {"status": "affected", "version": "1.3.13"}, {"status": "affected", "version": "1.3.14"}, {"status": "affected", "version": "1.3.15"}, {"status": "affected", "version": "1.3.16"}, {"status": "affected", "version": "1.3.17"}, {"status": "affected", "version": "1.3.18"}, {"status": "affected", "version": "1.3.19"}, {"status": "affected", "version": "1.3.20"}]}], "timeline": [{"lang": "en", "time": "2026-02-23T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-02-23T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-02-23T17:46:39.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.347397", "name": "VDB-347397 | xingfuggz BaykeShop Article Sidebar custom.html cross site scripting", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.347397", "name": "VDB-347397 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.757165", "name": "Submit #757165 | xingfuggz baykeShop 1.3.25 Cross Site Scripting", "tags": ["third-party-advisory"]}, {"url": "https://github.com/xingfuggz/baykeShop/issues/1", "tags": ["issue-tracking"]}, {"url": "https://github.com/xingfuggz/baykeShop/issues/1#issue-3931488211", "tags": ["exploit", "issue-tracking"]}, {"url": "https://github.com/xingfuggz/baykeShop/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in xingfuggz BaykeShop up to 1.3.20. Impacted is an unknown function of the file src/baykeshop/contrib/article/templates/baykeshop/sidebar/custom.html of the component Article Sidebar Module. Such manipulation of the argument sidebar.content leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "Cross Site Scripting"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "Code Injection"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-23T22:02:10.642Z"}}}, "cveMetadata": {"cveId": "CVE-2026-3041", "state": "PUBLISHED", "dateUpdated": "2026-02-25T15:38:53.536Z", "dateReserved": "2026-02-23T16:41:31.154Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-02-23T22:02:10.642Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in xingfuggz BaykeShop up to 1.3.20. Impacted is an unknown function of the file src/baykeshop/contrib/article/templates/baykeshop/sidebar/custom.html of the component Article Sidebar Module. Such manipulation of the argument sidebar.content leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet."}], "id": "CVE-2026-3041", "lastModified": "2026-02-24T14:13:49.320", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "MULTIPLE", "availabilityImpact": "NONE", "baseScore": 3.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.4, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-02-23T22:16:26.210", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/xingfuggz/baykeShop/"}, {"source": "cna@vuldb.com", "url": "https://github.com/xingfuggz/baykeShop/issues/1"}, {"source": "cna@vuldb.com", "url": "https://github.com/xingfuggz/baykeShop/issues/1#issue-3931488211"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.347397"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.347397"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.757165"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}, {"lang": "en", "value": "CWE-94"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}