CVE-2026-30841 | ellite Wallos up to 4.6.1 passwordreset.php htmlspecialchars token/email cross site scripting (GHSA-75hc-fc26-9797)

A vulnerability was found in ellite Wallos up to 4.6.1. It has been rated as problematic. The impacted element is the function htmlspecialchars of the file passwordreset.php. Performing a manipulation of the argument token/email results in cross site scripting.

This vulnerability is reported as CVE-2026-30841. The attack is possible to be carried out remotely. No exploit exists.

Upgrading the affected component is advised.VulDB Recent EntriesRead More