CVE-2026-29048

MEDIUM EPSS 9.2%
Published Mar 6, 2026 (3mo ago) · Modified Mar 9, 2026 (3mo ago)
6.9 CVSS 4.0
Medium

Description

HumHub is an Open Source Enterprise Social Network. In version 1.18.0, a cross-site scripting vulnerability was identified in the Button component. Due to inconsistent output encoding at several points within the software, malicious scripts could be injected and executed in the context of the user's browser. This issue has been patched in version 1.18.1.

CVSS Details

Base Score: 6.9
Vector string:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: X

Threat Intelligence

EPSS Exploit Probability
9.2% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-79 Cross-site Scripting Injection

Affected Products 1

Vendor    Product    Version    Range
humhub    humhub     1.18.0     any

References 4

  • github.com https://github.com/humhub/humhub/commit/bd06ab4c75f6c65295ee3e1ce3643437e8f9d10a
    Patch
  • github.com https://github.com/humhub/humhub/pull/8039
    Issue Tracking, Patch
  • github.com https://github.com/humhub/humhub/releases/tag/v1.18.1
    Product, Release Notes
  • github.com https://github.com/humhub/humhub/security/advisories/GHSA-qxjh-478x-23gm
    Vendor Advisory

Remediation

  • github.com https://github.com/humhub/humhub/commit/bd06ab4c75f6c65295ee3e1ce3643437e8f9d10a
    Patch
  • github.com https://github.com/humhub/humhub/pull/8039
    Issue Tracking, Patch