LOW
stonith404
CVE published 2026-05-26
CVE-2026-9519
A reflected cross-site scripting (XSS) vulnerability exists in Pingvin Share versions up to and including 1.13.0. The flaw resides in the `getServerSideProps` function within `frontend/src/pages/auth/signIn.tsx`, where unsanitized user input passed via the `redirect` parameter is reflected into the page response. An attacker can craft a malicious URL containing JavaScript in the redirect parameter, which [truncated]
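One defensive pattern for a `redirect` query parameter read in `getServerSideProps` is to accept only same-origin paths and fall back to a default for everything else. This is an added example, not Pingvin Share's code or its fix; `safeRedirectTarget`, the `/` fallback and the placeholder base origin are assumptions made for illustration.

```typescript
// Added example: hypothetical helper, not taken from the Pingvin Share code base.
const FALLBACK = "/"; // assumed default landing path
// Placeholder origin used only to resolve relative paths; it is never contacted.
const BASE = "http://local.invalid";

function safeRedirectTarget(raw: unknown): string {
  // Next.js query values may be string, string[] or undefined; accept one string only.
  if (typeof raw !== "string" || raw.length === 0) return FALLBACK;

  // Require a rooted path. This rejects absolute URLs and any "scheme:" value.
  if (!raw.startsWith("/")) return FALLBACK;

  // "//host" and "/\host" are resolved by browsers as protocol-relative URLs.
  if (raw.startsWith("//") || raw.includes("\\")) return FALLBACK;

  // URL parsers strip tab/CR/LF, which can hide a second slash; reject all controls.
  if (/[\u0000-\u001f\u007f]/.test(raw)) return FALLBACK;

  let url: URL;
  try {
    url = new URL(raw, BASE);
  } catch {
    return FALLBACK;
  }

  // After resolution the target must still sit on the placeholder origin.
  if (url.origin !== BASE) return FALLBACK;

  // Return the normalized, percent-encoded path, never the raw input.
  return url.pathname + url.search + url.hash;
}
```

Validation of this kind only constrains where the value may point; the place that renders or navigates to it still needs context-appropriate output encoding.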