PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-45616 givanz CVE debrief

Vvveb CMS versions prior to 1.0.8.3 contain a stored cross-site scripting (XSS) vulnerability classified as CWE-79. The vulnerability allows authenticated users with low privileges to inject malicious scripts that execute in the context of other users' sessions. The CVSS 4.0 vector indicates a network attack vector with low attack complexity, requiring low privileges and user interaction, with low impact to confidentiality and integrity. The vulnerability has been remediated in version 1.0.8.3. No known exploitation in the wild or ransomware campaign use has been documented. Organizations should prioritize patching to the fixed version and review user input sanitization controls.

Vendor: givanz
Product: Vvveb
CVSS: MEDIUM 5.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-15
Original CVE updated: 2026-05-18
Advisory published: 2026-05-15
Advisory updated: 2026-05-18

Who should care

Organizations running Vvveb CMS versions prior to 1.0.8.3, particularly those with multi-user content management workflows or public-facing installations.

Technical summary

Stored cross-site scripting (CWE-79) in Vvveb CMS before 1.0.8.3. An authenticated low-privilege user can inject persistent scripts. Fixed in 1.0.8.3. CVSS 4.0: 5.1 MEDIUM.

Defensive priority

medium

Recommended defensive actions

  • Upgrade Vvveb CMS to version 1.0.8.3 or later to remediate the stored XSS vulnerability
  • Review and strengthen input validation and output encoding controls for user-generated content
  • Audit existing Vvveb CMS installations for unauthorized modifications or suspicious content that may indicate prior exploitation
  • Implement Content Security Policy (CSP) headers to mitigate impact of any residual XSS vectors
  • Restrict user privileges to minimum necessary levels, particularly for content creation roles

Evidence notes

CVE published 2026-05-15; modified 2026-05-18. GitHub Security Advisory GHSA-39gc-pjv5-4w4p confirms fix in 1.0.8.3. CVSS 4.0 score 5.1 (MEDIUM). CWE-79 classification from secondary source.
