Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
1 vulnerability by xingfuggz
CVE-2026-3041 (GCVE-0-2026-3041)
Vulnerability from cvelistv5 – Published: 2026-02-23 22:02 – Updated: 2026-02-25 15:38
VLAI
Title
xingfuggz BaykeShop Article Sidebar custom.html cross site scripting
Summary
A security vulnerability has been detected in xingfuggz BaykeShop up to 1.3.20. Impacted is an unknown function of the file src/baykeshop/contrib/article/templates/baykeshop/sidebar/custom.html of the component Article Sidebar Module. Such manipulation of the argument sidebar.content leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.347397 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.347397 | signaturepermissions-required |
| https://vuldb.com/?submit.757165 | third-party-advisory |
| https://github.com/xingfuggz/baykeShop/issues/1 | issue-tracking |
| https://github.com/xingfuggz/baykeShop/issues/1#i… | exploitissue-tracking |
| https://github.com/xingfuggz/baykeShop/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| xingfuggz | BaykeShop |
Affected:
1.3.0
Affected: 1.3.1 Affected: 1.3.2 Affected: 1.3.3 Affected: 1.3.4 Affected: 1.3.5 Affected: 1.3.6 Affected: 1.3.7 Affected: 1.3.8 Affected: 1.3.9 Affected: 1.3.10 Affected: 1.3.11 Affected: 1.3.12 Affected: 1.3.13 Affected: 1.3.14 Affected: 1.3.15 Affected: 1.3.16 Affected: 1.3.17 Affected: 1.3.18 Affected: 1.3.19 Affected: 1.3.20 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-3041",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-25T15:38:07.678173Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T15:38:53.536Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Article Sidebar Module"
],
"product": "BaykeShop",
"vendor": "xingfuggz",
"versions": [
{
"status": "affected",
"version": "1.3.0"
},
{
"status": "affected",
"version": "1.3.1"
},
{
"status": "affected",
"version": "1.3.2"
},
{
"status": "affected",
"version": "1.3.3"
},
{
"status": "affected",
"version": "1.3.4"
},
{
"status": "affected",
"version": "1.3.5"
},
{
"status": "affected",
"version": "1.3.6"
},
{
"status": "affected",
"version": "1.3.7"
},
{
"status": "affected",
"version": "1.3.8"
},
{
"status": "affected",
"version": "1.3.9"
},
{
"status": "affected",
"version": "1.3.10"
},
{
"status": "affected",
"version": "1.3.11"
},
{
"status": "affected",
"version": "1.3.12"
},
{
"status": "affected",
"version": "1.3.13"
},
{
"status": "affected",
"version": "1.3.14"
},
{
"status": "affected",
"version": "1.3.15"
},
{
"status": "affected",
"version": "1.3.16"
},
{
"status": "affected",
"version": "1.3.17"
},
{
"status": "affected",
"version": "1.3.18"
},
{
"status": "affected",
"version": "1.3.19"
},
{
"status": "affected",
"version": "1.3.20"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been detected in xingfuggz BaykeShop up to 1.3.20. Impacted is an unknown function of the file src/baykeshop/contrib/article/templates/baykeshop/sidebar/custom.html of the component Article Sidebar Module. Such manipulation of the argument sidebar.content leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 3.3,
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-23T22:02:10.642Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-347397 | xingfuggz BaykeShop Article Sidebar custom.html cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.347397"
},
{
"name": "VDB-347397 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.347397"
},
{
"name": "Submit #757165 | xingfuggz baykeShop 1.3.25 Cross Site Scripting",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.757165"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/xingfuggz/baykeShop/issues/1"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/xingfuggz/baykeShop/issues/1#issue-3931488211"
},
{
"tags": [
"product"
],
"url": "https://github.com/xingfuggz/baykeShop/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-02-23T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-02-23T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-02-23T17:46:39.000Z",
"value": "VulDB entry last update"
}
],
"title": "xingfuggz BaykeShop Article Sidebar custom.html cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-3041",
"datePublished": "2026-02-23T22:02:10.642Z",
"dateReserved": "2026-02-23T16:41:31.154Z",
"dateUpdated": "2026-02-25T15:38:53.536Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}