CVE-2026-24127
- Source
- https://cve.org/CVERecord?id=CVE-2026-24127
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-24127.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2026-24127
- Aliases
-
- GHSA-65x4-pjhj-r8wr
- Published
- 2026-01-23T23:01:15.832Z
- Modified
- 2026-03-01T02:56:47.412453Z
- Severity
-
- 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N CVSS Calculator
- Summary
- Typemill has Reflected XSS via login error view template
- Details
-
Typemill is a flat-file, Markdown-based CMS designed for informational documentation websites. A reflected Cross-Site Scripting (XSS) exists in the login error view template
login.twigof versions 2.19.1 and below. Theusernamevalue can be echoed back without proper contextual encoding when authentication fails. An attacker can execute script in the login page context. This issue has been fixed in version 2.19.2. - Database specific
{ "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-116", "CWE-79" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/24xxx/CVE-2026-24127.json" }- References
-
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/24xxx/CVE-2026-24127.json
- https://github.com/typemill/typemill/commit/b506acd11e80fb9c8db5fa6c2c8ad73580b4e88c
- https://github.com/typemill/typemill/releases/tag/v2.19.2
- https://github.com/typemill/typemill/security/advisories/GHSA-65x4-pjhj-r8wr
- https://nvd.nist.gov/vuln/detail/CVE-2026-24127
Affected packages
Git / github.com/typemill/typemill
Affected ranges
- Type
- GIT
- Repo
- https://github.com/typemill/typemill
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed