Donate Telegram

CVE-2026-30082

MEDIUM CVSS 3.1: 6.1

Mar 30, 2026

Updated Mar 30, 2026

Payload

Parameter	Value
CVSS	6.1 (MEDIUM)
Type	CWE-79 (Cross-Site Scripting (XSS))
Vendor	Payload
Public PoC	No

Multiple stored cross-site scripting (XSS) vulnerabilities in the Edit feature of the Software Package List page of IngEstate Server v11.14.0 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the About application, What's news, or Release note parameters.

Attack Parameters

Attack Vector

Network

Can be exploited remotely

Attack Complexity

Low

Easy to exploit

Privileges Required

None

No privileges needed

User Interaction

Required

User action required

Impact Assessment

Confidentiality

Low

Partial data leak

Integrity

Low

Partial data modification

Availability

None

No disruption

CVSS Vector v3.1

Weakness Type (CWE)

CWE-79 Cross-Site Scripting (XSS)

References 3

http://ingestate.com

https://github.com/Cr0wld3r/CVE-2026-30082

https://ingenico.com/

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-4317

Payload

CVE-2026-31946

Payload

CVE-2026-30313

Payload

CVE-2026-25627

Payload

CVE-2026-3502

Payload

CVE Details

CVE ID

CVE-2026-30082

Published Date

Mar 30, 2026

Vendor

Payload

Severity

MEDIUM

CVSS v3.1 Score

6.1

Medium severity. Plan remediation.

Attack Analysis

Exploitability 2.8/10

How easy to exploit

Impact 2.7/10

Severity of consequences

Impact

Partial data disclosure

Partial data modification

Source

Editor's Choice