CVE-2026-10514

LOW 2.4

1Panel-dev CordysCRM RequestParamTrimConfig.java cross site scripting

CVSS Score

2.4

EPSS Score

0.0%

EPSS Percentile

13th

A vulnerability has been found in 1Panel-dev CordysCRM up to 1.6.2. This affects an unknown function of the file backend/framework/src/main/java/cn/cordys/config/RequestParamTrimConfig.java. The manipulation leads to cross site scripting. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. Upgrading to version 1.7.0 mitigates this issue. The identifier of the patch is c87682afa8df79853299f75489c9d333f7bc5fce. It is suggested to upgrade the affected component.

CWE	CWE-79 CWE-94
Vendor	1panel-dev
Product	cordyscrm
Published	Jun 1, 2026
Last Updated	Jun 2, 2026

Stay Ahead of the Next One

Get instant alerts for 1panel-dev cordyscrm

Be the first to know when new low vulnerabilities affecting 1panel-dev cordyscrm are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

1Panel-dev / CordysCRM

1.6.0 1.6.1 1.6.2

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/vuln/367596 vuldb.com: https://vuldb.com/vuln/367596/cti vuldb.com: https://vuldb.com/cve/CVE-2026-10514 vuldb.com: https://vuldb.com/submit/828296 github.com: https://github.com/1Panel-dev/CordysCRM/issues/2229 github.com: https://github.com/1Panel-dev/CordysCRM/pull/2356 github.com: https://github.com/1Panel-dev/CordysCRM/commit/c87682afa8df79853299f75489c9d333f7bc5fce github.com: https://github.com/1Panel-dev/CordysCRM/releases/tag/v1.7.0 github.com: https://github.com/1Panel-dev/CordysCRM/

Credits

🔍 DaytimeHeaven (VulDB User)