rachelos WeRSS we-mp-rss Article fix.py fix_html cross site scripting

5.1 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

Description

A vulnerability has been found in rachelos WeRSS we-mp-rss up to 1.4.8. This impacts the function fix_html of the file tools/fix.py of the component Article Module. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Basic Information

ID CVE-2026-2825

Source VulDB

Published Feb 20, 2026 at 06:02

Affected Product

Vendor rachelos

Product WeRSS we-mp-rss

Version 1.4.0

Affected Versions rachelos WeRSS we-mp-rss 1.4.0
rachelos WeRSS we-mp-rss 1.4.1
rachelos WeRSS we-mp-rss 1.4.2
rachelos WeRSS we-mp-rss 1.4.3
rachelos WeRSS we-mp-rss 1.4.4
rachelos WeRSS we-mp-rss 1.4.5
rachelos WeRSS we-mp-rss 1.4.6
rachelos WeRSS we-mp-rss 1.4.7
rachelos WeRSS we-mp-rss 1.4.8

CWE Classification

CWE-79 CWE-94

References

{
    "lastseen": "",
    "description": "A vulnerability has been found in rachelos WeRSS we-mp-rss up to 1.4.8. This impacts the function fix_html of the file tools/fix.py of the component Article Module. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.",
    "published": "2026-02-20T06:02:06.763Z",
    "modified": "2026-02-20T06:02:06.763Z",
    "type": "cve",
    "title": "rachelos WeRSS we-mp-rss Article fix.py fix_html cross site scripting",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.346950\nhttps://vuldb.com/?ctiid.346950\nhttps://vuldb.com/?submit.753879\nhttps://www.notion.so/WeRSS-Stored-Cross-Site-Scripting-XSS-in-Article-module-300ea92a3c4180be87dffca6b47d17f7",
    "id": "CVE-2026-2825",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79",
        "CWE-94"
    ],
    "cvelist": null,
    "sourceData": "rachelos WeRSS we-mp-rss 1.4.0\nrachelos WeRSS we-mp-rss 1.4.1\nrachelos WeRSS we-mp-rss 1.4.2\nrachelos WeRSS we-mp-rss 1.4.3\nrachelos WeRSS we-mp-rss 1.4.4\nrachelos WeRSS we-mp-rss 1.4.5\nrachelos WeRSS we-mp-rss 1.4.6\nrachelos WeRSS we-mp-rss 1.4.7\nrachelos WeRSS we-mp-rss 1.4.8",
    "sourceHref": "",
    "cvss": {
        "score": 5.1,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "WeRSS we-mp-rss",
    "version": "1.4.0",
    "vendor": "rachelos",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

rachelos WeRSS we-mp-rss Article fix.py fix_html cross site scripting_CVE-2026-2825