CVE-2026-30919

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2026-30919
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-30919.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-30919
Aliases
  • GHSA-2339-h9qw-q6vf
Published
2026-03-09T22:54:49.645Z
Modified
2026-04-10T05:41:57.760307Z
Severity
  • 7.6 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L CVSS Calculator
Summary
facileManager Affected by Stored Cross-Site Scripting (XSS)
Details

facileManager is a modular suite of web apps built with the sysadmin in mind. Prior to 6.0.4 , stored XSS (also known as persistent or second-order XSS) occurs when an application receives data from an untrusted source and includes that data in its subsequent HTTP responses in an unsafe manner. This vulnerability was found in the fmDNS module. This vulnerability is fixed in 6.0.4.

Database specific 
{
    "cwe_ids": [
        "CWE-79"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/30xxx/CVE-2026-30919.json",
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/facilemanager/facilemanager

Affected ranges

Type
GIT
Repo
https://github.com/facilemanager/facilemanager
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
9413bdaebe345c13ab46d7af8929543c162c1367
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "5.4.4"
        }
    ]
}

Affected versions

facileManager-complete-3.*
facileManager-complete-3.4.1
v2.*
v2.3.3-complete
v3.*
v3.0-complete
v3.0.1-complete
v3.0.3-complete
v3.1-complete
v3.2-complete
v3.3-complete
v3.4-complete
v3.5.2-complete
v4.*
v4.0.0-complete
v4.2.0-complete
v4.6.0-complete
v4.6.1-complete
v4.6.2-complete
v4.7.0-complete
v5.*
v5.0.0-complete
v5.2.0-complete
v5.3.0-complete
v5.3.1-complete
v5.3.2-complete
v5.3.3-complete
v5.4.0-complete
v5.4.1-complete
v5.4.2-complete
v5.4.3-complete
v5.4.4-complete

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-30919.json"

Git / github.com/willyxj/facilemanager

Affected ranges

Type
GIT
Repo
https://github.com/willyxj/facilemanager
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
f3eb8dcb48dfe179698fc6cee8418bd30503e07f
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "6.0.4"
        }
    ]
}

Affected versions

facileManager-complete-3.*
facileManager-complete-3.4.1
v2.*
v2.3.3-complete
v3.*
v3.0-complete
v3.0.1-complete
v3.0.3-complete
v3.1-complete
v3.2-complete
v3.3-complete
v3.4-complete
v3.5.2-complete
v4.*
v4.0.0-complete
v4.2.0-complete
v4.6.0-complete
v4.6.1-complete
v4.6.2-complete
v4.7.0-complete
v5.*
v5.0.0-complete
v5.2.0-complete
v5.3.0-complete
v5.3.1-complete
v5.3.2-complete
v5.3.3-complete
v5.4.0-complete
v5.4.1-complete
v5.4.2-complete
v5.4.3-complete
v6.*
v6.0.0-complete
v6.0.1-complete
v6.0.2-complete
v6.0.3-complete

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-30919.json"