CVE-2026-29048

UNKNOWN 0.0

HumHub: XSS in Button component

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

HumHub is an Open Source Enterprise Social Network. In version 1.18.0, a cross-site scripting vulnerability was identified in the Button component of version 1.18.0. Due to inconsistent output encoding at several points within the software, malicious scripts could be injected and executed in the context of the user's browser. This issue has been patched in version 1.18.1.

CWE	CWE-79
Vendor	humhub
Product	humhub
Published	Mar 6, 2026
Last Updated	Mar 9, 2026

Stay Ahead of the Next One

Get instant alerts for humhub humhub

Be the first to know when new unknown vulnerabilities affecting humhub humhub are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

humhub / humhub

= 1.18.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/humhub/humhub/security/advisories/GHSA-qxjh-478x-23gm github.com: https://github.com/humhub/humhub/pull/8039 github.com: https://github.com/humhub/humhub/commit/bd06ab4c75f6c65295ee3e1ce3643437e8f9d10a github.com: https://github.com/humhub/humhub/releases/tag/v1.18.1