CVE-2026-1136

LOW 3.5

lcg0124 BootDo ContentController save cross site scripting

CVSS Score

3.5

EPSS Score

0.0%

EPSS Percentile

0th

A weakness has been identified in lcg0124 BootDo up to e93dd428ef6f5c881aa74d49a2099ab0cf1e0fcb. Affected is the function Save of the file /blog/bContent/save of the component ContentController. This manipulation of the argument content/author/title causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided.

CWE	CWE-79 CWE-94
Vendor	lcg0124
Product	bootdo
Published	Jan 19, 2026
Last Updated	Feb 23, 2026

Stay Ahead of the Next One

Get instant alerts for lcg0124 bootdo

Be the first to know when new low vulnerabilities affecting lcg0124 bootdo are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

lcg0124 / BootDo

e93dd428ef6f5c881aa74d49a2099ab0cf1e0fcb

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/?id.341726 vuldb.com: https://vuldb.com/?ctiid.341726 vuldb.com: https://vuldb.com/?submit.735164 github.com: https://github.com/webzzaa/CVE-/issues/4

Credits

🔍 Tom132432 (VulDB User)