CVE 9 CRITICAL

CVE-2026-36748_CVE-2026-36748

June 3, 2026 invoker category_cve

9 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Description

RockRMS v16.13 and before v.17.7.0 is vulnerable to Cross Site Scripting (XSS) via Social Media links in user profile.

AI Analysis

Cross Site Scripting (XSS) vulnerability via Social Media links in user profile

Basic Information

ID CVE-2026-36748

Source mitre

Published Jun 3, 2026 at 00:00

Modified Jun 3, 2026 at 18:20

Affected Product

Vendor Rock RMS

Product RockRMS

Version v16.13, before v17.7.0

Affected Versions n/a n/a n/a

CWE Classification

CWE-79

AI Assessment

AI Score 9 / 10

AI Severity Critical

Vendor Rock RMS

Product RockRMS

Version v16.13, before v17.7.0

References

{
    "lastseen": "",
    "description": "RockRMS v16.13 and before v.17.7.0 is vulnerable to Cross Site Scripting (XSS) via Social Media links in user profile.",
    "published": "2026-06-03T00:00:00.000Z",
    "modified": "2026-06-03T18:20:35.787Z",
    "type": "cve",
    "title": "CVE-2026-36748",
    "source": "mitre",
    "references": "http://sparkdevnetwork.com\nhttps://raxis.com/blog/cve-2026-36748-xss-in-rock-rms-leads-to-privilege-escalation/",
    "id": "CVE-2026-36748",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79"
    ],
    "cvelist": null,
    "sourceData": "n/a n/a n/a",
    "sourceHref": "",
    "cvss": {
        "score": 9,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "RockRMS",
    "version": "v16.13, before v17.7.0",
    "vendor": "Rock RMS",
    "ai_description": "Cross Site Scripting (XSS) vulnerability via Social Media links in user profile",
    "ai_severity": "Critical",
    "ai_vendor": "Rock RMS",
    "ai_product": "RockRMS",
    "ai_version": "v16.13, before v17.7.0",
    "ai_score": 9
}

💭 Join the Security Discussion ❌ Cancel Reply