CVE-2026-5253 | bufanyun HotGo 1.0/2.0 editNotice Endpoint MessageList.vue cross site scripting

A vulnerability was found in bufanyun HotGo 1.0/2.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /web/src/layout/components/Header/MessageList.vue of the component editNotice Endpoint. Executing a manipulation can lead to cross site scripting.

This vulnerability is tracked as CVE-2026-5253. The attack can be launched remotely. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More