CVE-2026-30918 HIGH

CVE-2026-30918: facileManager Affected by Reflected Cross-Site Scripting (XSS)

Vendor Facilemanager
Product facileManager
Weakness CWE-79 · XSS
Published March 9, 2026
Last update March 10, 2026
View on NVD All CVEs

CVSS base score

7.6/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L

What the vulnerability does

01Description

facileManager is a modular suite of web apps built with the sysadmin in mind. Prior to 6.0.4 , a reflected XSS occurs when an application receives data from an untrusted source and uses it in its HTTP responses in a way that could lead to vulnerabilities. It is possible to inject malicious JavaScript code into a URL by adding a script in a parameter. This vulnerability was found in the fmDNS module. The parameter that is vulnerable to an XSS attack is log_search_query. This vulnerability is fixed in 6.0.4.

Key dates

02Disclosure timeline

March 9, 2026 CVE published
March 10, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2022-1568 Team Members < 5.1.1 - Admin+ Stored Cross-Site Scripting CVE-2026-25452 WordPress Remoji plugin <= 2.2 - Cross Site Scripting (XSS) vulnerability CVE-2024-7147 JetBlocks <= 1.3.12 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2025-32646 WordPress Question Answer plugin <= 1.2.70 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2026-5340 Fancy Image Show <= 9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes