CVE-2026-6486 | classroombookings up to 2.17.0 User Display Name layout.php read displayname cross site scripting
A vulnerability was found in classroombookings up to 2.17.0 and classified as problematic. This impacts the function read of the file crbs-core/application/views/layout.php of the component User Display Name Handler. The manipulation of the argument displayname results in cross-site scripting.
This vulnerability is identified as CVE-2026-6486. The attack can be executed remotely. Additionally, an exploit exists.
It is suggested to upgrade the affected component.
The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.