{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-2897", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-02-20T18:56:49.065Z", "datePublished": "2026-02-22T00:02:08.938Z", "dateUpdated": "2026-02-23T19:22:34.754Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-22T00:02:08.938Z"}, "title": "funadmin Backend index.html cross site scripting", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-79", "lang": "en", "description": "Cross Site Scripting"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-94", "lang": "en", "description": "Code Injection"}]}], "affected": [{"vendor": "n/a", "product": "funadmin", "versions": [{"version": "7.1.0-rc1", "status": "affected"}, {"version": "7.1.0-rc2", "status": "affected"}, {"version": "7.1.0-rc3", "status": "affected"}, {"version": "7.1.0-rc4", "status": "affected"}], "cpes": ["cpe:2.3:a:funadmin:funadmin:*:*:*:*:*:*:*:*"], "modules": ["Backend Interface"]}], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in funadmin up to 7.1.0-rc4. This vulnerability affects unknown code of the file app/backend/view/index/index.html of the component Backend Interface. The manipulation of the argument Value leads to cross site scripting. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 2.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 2.4, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 3.3, "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-02-20T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-02-20T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-02-20T20:02:03.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "I4m6da (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.347208", "name": "VDB-347208 | funadmin Backend index.html cross site scripting", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.347208", "name": "VDB-347208 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.753975", "name": "Submit #753975 | funadmin v7.1.0-rc4 Cross-Site Scripting", "tags": ["third-party-advisory"]}, {"url": "https://github.com/I4m6da/CVE/issues/4", "tags": ["issue-tracking"]}, {"url": "https://github.com/I4m6da/CVE/issues/4#issue-3890421022", "tags": ["exploit", "issue-tracking"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-23T19:19:26.260749Z", "id": "CVE-2026-2897", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-23T19:22:34.754Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-2897", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-23T19:19:26.260749Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-23T19:22:26.634Z"}}], "cna": {"title": "funadmin Backend index.html cross site scripting", "credits": [{"lang": "en", "type": "reporter", "value": "I4m6da (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 2.4, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 2.4, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 3.3, "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:ND/RC:UR"}}], "affected": [{"cpes": ["cpe:2.3:a:funadmin:funadmin:*:*:*:*:*:*:*:*"], "vendor": "n/a", "modules": ["Backend Interface"], "product": "funadmin", "versions": [{"status": "affected", "version": "7.1.0-rc1"}, {"status": "affected", "version": "7.1.0-rc2"}, {"status": "affected", "version": "7.1.0-rc3"}, {"status": "affected", "version": "7.1.0-rc4"}]}], "timeline": [{"lang": "en", "time": "2026-02-20T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-02-20T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-02-20T20:02:03.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.347208", "name": "VDB-347208 | funadmin Backend index.html cross site scripting", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.347208", "name": "VDB-347208 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.753975", "name": "Submit #753975 | funadmin v7.1.0-rc4 Cross-Site Scripting", "tags": ["third-party-advisory"]}, {"url": "https://github.com/I4m6da/CVE/issues/4", "tags": ["issue-tracking"]}, {"url": "https://github.com/I4m6da/CVE/issues/4#issue-3890421022", "tags": ["exploit", "issue-tracking"]}], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in funadmin up to 7.1.0-rc4. This vulnerability affects unknown code of the file app/backend/view/index/index.html of the component Backend Interface. The manipulation of the argument Value leads to cross site scripting. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "Cross Site Scripting"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "Code Injection"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-22T00:02:08.938Z"}}}, "cveMetadata": {"cveId": "CVE-2026-2897", "state": "PUBLISHED", "dateUpdated": "2026-02-23T19:22:34.754Z", "dateReserved": "2026-02-20T18:56:49.065Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-02-22T00:02:08.938Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:funadmin:funadmin:*:*:*:*:*:*:*:*", "matchCriteriaId": "67A1D507-8F8E-4C10-B5CB-D08DE081AF77", "versionEndExcluding": "7.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:funadmin:funadmin:7.1.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "D14B5D13-CC64-43DE-A709-150D9284D19C", "vulnerable": true}, {"criteria": "cpe:2.3:a:funadmin:funadmin:7.1.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "2BF7A984-32FB-4957-8151-47FC4C2CB9CA", "vulnerable": true}, {"criteria": "cpe:2.3:a:funadmin:funadmin:7.1.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "518EE1E1-CD85-4784-94E5-D7DF735BFF56", "vulnerable": true}, {"criteria": "cpe:2.3:a:funadmin:funadmin:7.1.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "303D805A-EEC2-44FE-BB54-8B336EA8A3E7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in funadmin up to 7.1.0-rc4. This vulnerability affects unknown code of the file app/backend/view/index/index.html of the component Backend Interface. The manipulation of the argument Value leads to cross site scripting. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "es", "value": "Se ha detectado una vulnerabilidad de seguridad en funadmin hasta 7.1.0-rc4. Esta vulnerabilidad afecta c\u00f3digo desconocido del archivo app/backend/view/index/index.html del componente Interfaz de Backend. Si se manipula el argumento Value se puede provocar un cross site scripting. Es posible lanzar el ataque en remoto. El exploit ha sido divulgado p\u00fablicamente y puede ser utilizado. El proveedor fue contactado con antelaci\u00f3n sobre esta divulgaci\u00f3n pero no respondi\u00f3 de ninguna manera."}], "id": "CVE-2026-2897", "lastModified": "2026-02-24T16:35:14.573", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "MULTIPLE", "availabilityImpact": "NONE", "baseScore": 3.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.4, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-02-22T01:16:00.107", "references": [{"source": "cna@vuldb.com", "tags": ["Exploit", "Issue Tracking"], "url": "https://github.com/I4m6da/CVE/issues/4"}, {"source": "cna@vuldb.com", "tags": ["Exploit", "Issue Tracking"], "url": "https://github.com/I4m6da/CVE/issues/4#issue-3890421022"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.347208"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.347208"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.753975"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}, {"lang": "en", "value": "CWE-94"}], "source": "cna@vuldb.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "7.1.0-rc1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "7.1.0-rc2"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "7.1.0-rc3"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "7.1.0-rc4"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "funadmin", "vendor": "funadmin"}], "created": "2026-02-23T14:29:51.497717+00:00", "updated": "2026-02-23T14:29:51.497805+00:00", "vendors": ["funadmin", "funadmin$PRODUCT$funadmin"]}