Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Tue, 19 May 2026 13:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Tue, 19 May 2026 08:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Dumbwareio
Dumbwareio dumbassets |
|
| Vendors & Products |
Dumbwareio
Dumbwareio dumbassets |
Mon, 18 May 2026 19:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | DumbAssets through 1.0.11 contains a stored cross-site scripting vulnerability in asset fields including name, description, modelNumber, serialNumber, and tags that are stored without server-side sanitization and rendered using innerHTML without client-side escaping. Attackers can create or update assets with HTML or JavaScript payloads via the asset API endpoints to execute arbitrary scripts in the browsers of users viewing the asset list, and with Content-Security-Policy disabled, the injected scripts can make unrestricted connections to internal network services. | |
| Title | DumbAssets 1.0.11 Stored Cross-Site Scripting via Asset Fields | |
| Weaknesses | CWE-79 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2026-06-23T16:16:34.308Z
Reserved: 2026-05-11T14:14:49.612Z
Link: CVE-2026-45231
Updated: 2026-05-19T12:50:11.041Z
Status : Deferred
Published: 2026-05-18T19:16:27.623
Modified: 2026-06-17T10:51:48.633
Link: CVE-2026-45231
No data.
OpenCVE Enrichment
Updated: 2026-05-19T08:18:47Z