CVE-2026-40038 | Pachno 1.0.6 getParameter cross site scripting (ZSL-2026-5980)

A vulnerability, which was classified as problematic, has been found in Pachno 1.0.6. Impacted is the function Request::getRawParameter/Request::getParameter. The manipulation of the argument value/comment_body/article_content/description/message leads to cross site scripting.

This vulnerability is uniquely identified as CVE-2026-40038. The attack is possible to be carried out remotely. No exploit exists.VulDB Recent EntriesRead More