MEDIUM
Sanoma
CVE published 2026-03-27
CVE-2026-5010
A reflected Cross-Site Scripting (XSS) vulnerability in Clickedu allows attackers to execute JavaScript in victims' browsers via malicious URLs targeting the `/user.php/` endpoint. The vulnerability was published on March 27, 2026, and last modified on May 19, 2026. With a CVSS 4.0 score of 5.1 (MEDIUM), the attack requires network access and user interaction, with low impacts to confidentiality and integ [truncated]