CVE-2026-6179 MEDIUM

CVE-2026-6179: Stored Cross Site Scripting in NightWolf Penetration Testing Platform

Vendor Fpt Software
Product NightWolf Penetration Testing Platform
Weakness CWE-79 · XSS
Published April 13, 2026
Last update April 13, 2026
View on NVD All CVEs

CVSS base score

6.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:N/SA:N

What the vulnerability does

01Description

Stored Cross Site Scripting in NightWolf Penetration Testing Platform allows attack trigger and run malicious script in user's browser

Key dates

02Disclosure timeline

April 13, 2026 CVE published
April 13, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-23733 WordPress SC Simple Zazzle plugin <= 1.1.6 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2022-3578 ProfileGrid < 5.1.1 - Reflected Cross-Site Scripting CVE-2023-27592 Stored XSS in Miniflux when opening a broken image due to unescaped ServerError in proxy handler CVE-2023-47547 WordPress Products, Order & Customers Export for WooCommerce Plugin <= 2.0.7 is vulnerable to Cross Site Scripting (XSS) CVE-2025-12652 Ungapped Widgets <= 1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode