cym1102 nginxWebUI Web Management check cross site scripting_CVE-2026-2145

5.1 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was identified in cym1102 nginxWebUI up to 4.3.7. The impacted element is an unknown function of the file /adminPage/conf/check of the component Web Management Interface. Such manipulation of the argument nginxDir leads to cross site scripting. The attack can be executed remotely. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.

Basic Information

ID CVE-2026-2145

Source VulDB

Published Feb 8, 2026 at 09:02

Affected Product

Vendor cym1102

Product nginxWebUI

Version 4.3.0

Affected Versions cym1102 nginxWebUI 4.3.0
cym1102 nginxWebUI 4.3.1
cym1102 nginxWebUI 4.3.2
cym1102 nginxWebUI 4.3.3
cym1102 nginxWebUI 4.3.4
cym1102 nginxWebUI 4.3.5
cym1102 nginxWebUI 4.3.6
cym1102 nginxWebUI 4.3.7

CWE Classification

CWE-79 CWE-94

References

{
    "lastseen": "",
    "description": "A vulnerability was identified in cym1102 nginxWebUI up to 4.3.7. The impacted element is an unknown function of the file /adminPage/conf/check of the component Web Management Interface. Such manipulation of the argument nginxDir leads to cross site scripting. The attack can be executed remotely. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.",
    "published": "2026-02-08T09:02:07.687Z",
    "modified": "2026-02-08T09:02:07.687Z",
    "type": "cve",
    "title": "cym1102 nginxWebUI Web Management check cross site scripting",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.344847\nhttps://vuldb.com/?ctiid.344847\nhttps://vuldb.com/?submit.747404\nhttps://github.com/cym1102/nginxWebUI/issues/203\nhttps://github.com/cym1102/nginxWebUI/issues/203#issue-3860109934\nhttps://github.com/cym1102/nginxWebUI/",
    "id": "CVE-2026-2145",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79",
        "CWE-94"
    ],
    "cvelist": null,
    "sourceData": "cym1102 nginxWebUI 4.3.0\ncym1102 nginxWebUI 4.3.1\ncym1102 nginxWebUI 4.3.2\ncym1102 nginxWebUI 4.3.3\ncym1102 nginxWebUI 4.3.4\ncym1102 nginxWebUI 4.3.5\ncym1102 nginxWebUI 4.3.6\ncym1102 nginxWebUI 4.3.7",
    "sourceHref": "",
    "cvss": {
        "score": 5.1,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "nginxWebUI",
    "version": "4.3.0",
    "vendor": "cym1102",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}