CVE-2026-10514

Source
https://cve.org/CVERecord?id=CVE-2026-10514
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-10514.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-10514
Published
2026-06-01T23:45:12.138Z
Modified
2026-07-15T01:48:50.073990343Z
Severity
  • 1.9 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P CVSS Calculator
Summary
1Panel-dev CordysCRM RequestParamTrimConfig.java cross site scripting
Details

A vulnerability has been found in 1Panel-dev CordysCRM up to 1.6.2. This affects an unknown function of the file backend/framework/src/main/java/cn/cordys/config/RequestParamTrimConfig.java. The manipulation leads to cross site scripting. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. Upgrading to version 1.7.0 mitigates this issue. The identifier of the patch is c87682afa8df79853299f75489c9d333f7bc5fce. It is suggested to upgrade the affected component.

Database specific
{
    "cna_assigner": "VulDB",
    "cwe_ids": [
        "CWE-79",
        "CWE-94"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/10xxx/CVE-2026-10514.json"
}
References

Affected packages

Git / github.com/1panel-dev/cordyscrm

Affected ranges

Type
GIT
Repo
https://github.com/1panel-dev/cordyscrm
Events
Database specific
{
    "source": [
        "AFFECTED_FIELD",
        "REFERENCES"
    ],
    "extracted_events": [
        {
            "introduced": "1.6.0"
        },
        {
            "last_affected": "1.6.0"
        },
        {
            "introduced": "1.6.1"
        },
        {
            "last_affected": "1.6.1"
        },
        {
            "introduced": "1.6.2"
        },
        {
            "last_affected": "1.6.2"
        }
    ]
}

Affected versions

1.*
1.6.0
1.6.1
1.6.2
v1.*
v1.6.0
v1.6.1
v1.6.2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-10514.json"