๐Ÿ” CVE Alert

CVE-2026-15321

LOW 2.4

MyEMS Admin Backend svg.py on_post cross site scripting

CVSS Score
2.4
EPSS Score
0.2%
EPSS Percentile
12th

A vulnerability was found in MyEMS up to 6.4.0. The affected element is the function on_post of the file myems-api/core/svg.py of the component Admin Backend. The manipulation of the argument new_values['data'] results in cross site scripting. The attack can be launched remotely. The exploit has been made public and could be used. Upgrading to version 6.5.0 is sufficient to fix this issue. The patch is identified as 4a97edfbd786c779d0322054833b21ddf54d5b06. It is suggested to upgrade the affected component. The issue report remains open even though there is an official fix for it.

CWE CWE-79 CWE-94
Vendor n/a
Product myems
Published Jul 10, 2026
Last Updated Jul 10, 2026
Stay Ahead of the Next One

Get instant alerts for n/a myems

Be the first to know when new low vulnerabilities affecting n/a myems are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability

Affected Versions

n/a / MyEMS
6.0 6.1 6.2 6.3 6.4.0

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
vuldb.com: https://vuldb.com/vuln/377263 vuldb.com: https://vuldb.com/vuln/377263/cti vuldb.com: https://vuldb.com/cve/CVE-2026-15321 vuldb.com: https://vuldb.com/submit/853060 github.com: https://github.com/MyEMS/myems/issues/412 github.com: https://github.com/MyEMS/myems/commit/4a97edfbd786c779d0322054833b21ddf54d5b06 github.com: https://github.com/MyEMS/myems/releases/tag/v6.5.0 github.com: https://github.com/MyEMS/myems/

Credits

๐Ÿ” rekczh (VulDB User) VulDB CNA Team