CVE-2026-15321
MyEMS Admin Backend svg.py on_post cross site scripting
CVSS Score
2.4
EPSS Score
0.2%
EPSS Percentile
12th
A vulnerability was found in MyEMS up to 6.4.0. The affected element is the function on_post of the file myems-api/core/svg.py of the component Admin Backend. The manipulation of the argument new_values['data'] results in cross site scripting. The attack can be launched remotely. The exploit has been made public and could be used. Upgrading to version 6.5.0 is sufficient to fix this issue. The patch is identified as 4a97edfbd786c779d0322054833b21ddf54d5b06. It is suggested to upgrade the affected component. The issue report remains open even though there is an official fix for it.
| CWE | CWE-79 CWE-94 |
| Vendor | n/a |
| Product | myems |
| Published | Jul 10, 2026 |
| Last Updated | Jul 10, 2026 |
Stay Ahead of the Next One
Get instant alerts for n/a myems
Be the first to know when new low vulnerabilities affecting n/a myems are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
n/a / MyEMS
6.0 6.1 6.2 6.3 6.4.0
References
vuldb.com: https://vuldb.com/vuln/377263 vuldb.com: https://vuldb.com/vuln/377263/cti vuldb.com: https://vuldb.com/cve/CVE-2026-15321 vuldb.com: https://vuldb.com/submit/853060 github.com: https://github.com/MyEMS/myems/issues/412 github.com: https://github.com/MyEMS/myems/commit/4a97edfbd786c779d0322054833b21ddf54d5b06 github.com: https://github.com/MyEMS/myems/releases/tag/v6.5.0 github.com: https://github.com/MyEMS/myems/
Credits
๐ rekczh (VulDB User) VulDB CNA Team