CVE-2026-3951
LockerProject Locker Error Response registry.js authIsAwesome cross site scripting
CVSS Score
4.3
EPSS Score
0.0%
EPSS Percentile
0th
A security flaw has been discovered in LockerProject Locker 0.0.0/0.0.1/0.1.0. Affected is the function authIsAwesome of the file source-code/Locker-master/Ops/registry.js of the component Error Response Handler. The manipulation of the argument ID results in cross site scripting. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
| CWE | CWE-79 CWE-94 |
| Vendor | lockerproject |
| Product | locker |
| Published | Mar 11, 2026 |
| Last Updated | Mar 12, 2026 |
Stay Ahead of the Next One
Get instant alerts for lockerproject locker
Be the first to know when new medium vulnerabilities affecting lockerproject locker are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
LockerProject / Locker
0.0.0 0.0.1 0.1.0
References
vuldb.com: https://vuldb.com/?id.350383 vuldb.com: https://vuldb.com/?ctiid.350383 vuldb.com: https://vuldb.com/?submit.767231 github.com: https://github.com/LockerProject/Locker/issues/963 github.com: https://github.com/LockerProject/Locker/issues/963#issue-3988004027 github.com: https://github.com/LockerProject/Locker/
Credits
๐ ZAST.AI (VulDB User)