CVE-2026-5252 | z-9527 admin 1.0/2.0 Message Create Endpoint message.js cross site scripting

A vulnerability has been found in z-9527 admin 1.0/2.0 and classified as problematic. Affected is an unknown function of the file /server/routes/message.js of the component Message Create Endpoint. Performing a manipulation results in cross site scripting.

This vulnerability is identified as CVE-2026-5252. The attack can be initiated remotely. Additionally, an exploit exists.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More