CVE-2026-2145

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2026-2145
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-2145.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-2145
Published
2026-02-08T09:15:52.943Z
Modified
2026-04-10T05:38:29.191106Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

A vulnerability was identified in cym1102 nginxWebUI up to 4.3.7. The impacted element is an unknown function of the file /adminPage/conf/check of the component Web Management Interface. Such manipulation of the argument nginxDir leads to cross site scripting. The attack can be executed remotely. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.

References

Affected packages

Git / github.com/cym1102/nginxWebUI

Affected ranges

Type
GIT
Repo
https://github.com/cym1102/nginxWebUI
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
7632b0dbded6671541ab97c27eacce0a2b88a83b
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.3.7"
        }
    ]
}

Affected versions

3.*
3.4.6
3.4.7
3.4.8
3.7.1
3.7.9
3.8.5
3.8.6
3.8.7
3.8.8
3.8.9
3.9.0
3.9.3
3.9.6
3.9.7
4.*
4.0.1
4.0.2
4.0.3
4.0.4
4.0.5
4.0.6
4.0.8
4.1.0
4.1.1
4.1.2
4.1.3
4.1.4
4.1.5
4.1.6
4.1.8
4.1.9
4.2.0
4.2.1
4.2.2
4.2.4
4.2.5
4.2.6
4.2.7
4.2.8
4.2.9
4.3.0
4.3.1
4.3.2
4.3.3
4.3.4
4.3.5
4.3.6
4.3.7

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-2145.json"