CVE-2026-27176

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score

6.1 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N                                    

Vulnerability Description

MajorDoMo (aka Major Domestic Module) contains a reflected cross-site scripting (XSS) vulnerability in command.php. The $qry parameter is rendered directly into the HTML page without sanitization via htmlspecialchars(), both in an input field value attribute and in a paragraph element. An attacker can inject arbitrary JavaScript by crafting a URL with malicious content in the qry parameter.

Vulnerability Details

Published Date

February 18, 2026

Last Modified

February 20, 2026

CWE ID

CWE-79

Source

NVD

Vendor

sergejey

Product

MajorDoMo

External References

https://chocapikk.com/posts/2026/majordomo-revisited/
https://github.com/sergejey/majordomo/pull/1177
https://www.vulncheck.com/advisories/majordomo-reflected-cross-site-scripting-in-commandphp

CVE-2026-27176

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment