Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    2 vulnerabilities found for NightWolf Penetration Testing Platform by FPT Software

    CVE-2026-6179 (GCVE-0-2026-6179)

    Vulnerability from nvd – Published: 2026-04-13 02:27 – Updated: 2026-04-13 18:06
    VLAI
    Title
    Stored Cross Site Scripting in NightWolf Penetration Testing Platform
    Summary
    Stored Cross Site Scripting in NightWolf Penetration Testing Platform allows attack trigger and run malicious script in user's browser
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper neutralization of input during web page generation ('cross-site scripting')
    Assigner
    References
    Impacted products
    Credits
    Phan Cong Anh Tuan (phanconganhtuan2003@gmail.com)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-6179",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-13T17:36:38.518612Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-13T18:06:17.801Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "NightWolf Penetration Testing Platform",
              "vendor": "FPT Software",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.1.5"
                },
                {
                  "status": "unaffected",
                  "version": "2.1.6"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Phan Cong Anh Tuan (phanconganhtuan2003@gmail.com)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Stored Cross Site Scripting in NightWolf Penetration Testing Platform allows attack trigger and run malicious script in user\u0027s browser"
                }
              ],
              "value": "Stored Cross Site Scripting in NightWolf Penetration Testing Platform allows attack trigger and run malicious script in user\u0027s browser"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-592",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-592 Stored XSS"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper neutralization of input during web page generation (\u0027cross-site scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-13T02:27:53.206Z",
            "orgId": "5ac195ad-69e7-48e7-9c1e-bfc958c39761",
            "shortName": "FSOFT"
          },
          "references": [
            {
              "url": "https://bug.report.night-wolf.io/changelogs"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-04-11T10:00:00.000Z",
              "value": "The reporter submits the vulnerability to security_report@fpt.com."
            },
            {
              "lang": "en",
              "time": "2026-04-12T11:00:00.000Z",
              "value": "The security team verifies the issue and provides a fixing solution."
            },
            {
              "lang": "en",
              "time": "2026-04-13T01:00:00.000Z",
              "value": "The security team releases the fix, retests the issue, and closes the vulnerability."
            },
            {
              "lang": "en",
              "time": "2026-04-13T02:00:00.000Z",
              "value": "Assign a CVE to the reporter."
            }
          ],
          "title": "Stored Cross Site Scripting in NightWolf Penetration Testing Platform",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5ac195ad-69e7-48e7-9c1e-bfc958c39761",
        "assignerShortName": "FSOFT",
        "cveId": "CVE-2026-6179",
        "datePublished": "2026-04-13T02:27:53.206Z",
        "dateReserved": "2026-04-13T02:18:11.562Z",
        "dateUpdated": "2026-04-13T18:06:17.801Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-6179 (GCVE-0-2026-6179)

    Vulnerability from cvelistv5 – Published: 2026-04-13 02:27 – Updated: 2026-04-13 18:06
    VLAI
    Title
    Stored Cross Site Scripting in NightWolf Penetration Testing Platform
    Summary
    Stored Cross Site Scripting in NightWolf Penetration Testing Platform allows attack trigger and run malicious script in user's browser
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper neutralization of input during web page generation ('cross-site scripting')
    Assigner
    References
    Impacted products
    Credits
    Phan Cong Anh Tuan (phanconganhtuan2003@gmail.com)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-6179",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-13T17:36:38.518612Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-13T18:06:17.801Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "NightWolf Penetration Testing Platform",
              "vendor": "FPT Software",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.1.5"
                },
                {
                  "status": "unaffected",
                  "version": "2.1.6"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Phan Cong Anh Tuan (phanconganhtuan2003@gmail.com)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Stored Cross Site Scripting in NightWolf Penetration Testing Platform allows attack trigger and run malicious script in user\u0027s browser"
                }
              ],
              "value": "Stored Cross Site Scripting in NightWolf Penetration Testing Platform allows attack trigger and run malicious script in user\u0027s browser"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-592",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-592 Stored XSS"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper neutralization of input during web page generation (\u0027cross-site scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-13T02:27:53.206Z",
            "orgId": "5ac195ad-69e7-48e7-9c1e-bfc958c39761",
            "shortName": "FSOFT"
          },
          "references": [
            {
              "url": "https://bug.report.night-wolf.io/changelogs"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-04-11T10:00:00.000Z",
              "value": "The reporter submits the vulnerability to security_report@fpt.com."
            },
            {
              "lang": "en",
              "time": "2026-04-12T11:00:00.000Z",
              "value": "The security team verifies the issue and provides a fixing solution."
            },
            {
              "lang": "en",
              "time": "2026-04-13T01:00:00.000Z",
              "value": "The security team releases the fix, retests the issue, and closes the vulnerability."
            },
            {
              "lang": "en",
              "time": "2026-04-13T02:00:00.000Z",
              "value": "Assign a CVE to the reporter."
            }
          ],
          "title": "Stored Cross Site Scripting in NightWolf Penetration Testing Platform",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5ac195ad-69e7-48e7-9c1e-bfc958c39761",
        "assignerShortName": "FSOFT",
        "cveId": "CVE-2026-6179",
        "datePublished": "2026-04-13T02:27:53.206Z",
        "dateReserved": "2026-04-13T02:18:11.562Z",
        "dateUpdated": "2026-04-13T18:06:17.801Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }