CVE-2026-26460

MEDIUM 6.1

CVSS Score

6.1

EPSS Score

0.0%

EPSS Percentile

5th

A HTML Injection vulnerability exists in the Dashboard module of Vtiger CRM 8.4.0. The application fails to properly neutralize user-supplied input in the tabid parameter of the DashBoardTab view (getTabContents action), allowing an attacker to inject arbitrary HTML content into the dashboard interface. The injected content is rendered in the victim's browser

Vendor	n/a
Product	n/a
Published	Apr 13, 2026
Last Updated	Apr 15, 2026

Stay Ahead of the Next One

Get instant alerts for n/a n/a

Be the first to know when new medium vulnerabilities affecting n/a n/a are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

n/a / n/a

n/a

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vtiger.com: https://www.vtiger.com/open-source-crm/ simonjuguna.com: https://www.simonjuguna.com/cve-2026-26460-html-injection-vulnerability-in-vtiger-open-source-edition-v8-4-0/