CVE-2026-11453

MEDIUM 6.3

Tiobon Employee Self-Service System Login Endpoint BlogSearch.aspx sql injection

CVSS Score

6.3

EPSS Score

0.0%

EPSS Percentile

8th

A vulnerability was found in Tiobon Employee Self-Service System up to 7.2. Affected by this vulnerability is an unknown functionality of the file /Blog/BlogSearch.aspx of the component Login Endpoint. The manipulation of the argument Keyword results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

CWE	CWE-89 CWE-74
Vendor	tiobon
Product	employee self-service system
Published	Jun 7, 2026
Last Updated	Jun 8, 2026

Stay Ahead of the Next One

Get instant alerts for tiobon employee self-service system

Be the first to know when new medium vulnerabilities affecting tiobon employee self-service system are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

Tiobon / Employee Self-Service System

7.0 7.1 7.2

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/vuln/369073 vuldb.com: https://vuldb.com/vuln/369073/cti vuldb.com: https://vuldb.com/cve/CVE-2026-11453 vuldb.com: https://vuldb.com/submit/826640 drive.google.com: https://drive.google.com/file/d/1kRvYG4Mi2kDtPv1HpY_86KiMcWGqGMnl/view?usp=drive_link

Credits

🔍 ox882 (VulDB User) VulDB CNA Team