A vulnerability was identified in atjiu pybbs 6.0.0. This affects the function create of the file src/main/java/co/yiiu/pybbs/controller/api/TopicApiController.java. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.
atjiu pybbs TopicApiController.java create cross site scripting
Problem type
Affected products
atjiu
6.0.0 - AFFECTED
References
https://vuldb.com/?id.352020
https://vuldb.com/?ctiid.352020
https://vuldb.com/?submit.773779
https://fx4tqqfvdw4.feishu.cn/docx/EKVgdqWIzo70C0xB5jxcb4IZnre?from=from_copylink
GitHub Security Advisories
GHSA-9wm2-388x-gpfx
https://github.com/advisories/GHSA-9wm2-388x-gpfx
https://nvd.nist.gov/vuln/detail/CVE-2026-4494
https://fx4tqqfvdw4.feishu.cn/docx/EKVgdqWIzo70C0xB5jxcb4IZnre?from=from_copylink
https://vuldb.com/?ctiid.352020
https://vuldb.com/?id.352020
https://vuldb.com/?submit.773779
https://github.com/advisories/GHSA-9wm2-388x-gpfx
JSON source
https://cveawg.mitre.org/api/cve/CVE-2026-4494
{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2026-4494",
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "dateUpdated": "2026-03-20T17:32:49.226Z",
    "dateReserved": "2026-03-20T08:38:41.752Z",
    "datePublished": "2026-03-20T17:32:49.226Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB",
        "dateUpdated": "2026-03-20T17:32:49.226Z"
      },
      "title": "atjiu pybbs TopicApiController.java create cross site scripting",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was identified in atjiu pybbs 6.0.0. This affects the function create of the file src/main/java/co/yiiu/pybbs/controller/api/TopicApiController.java. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is publicly available and might be used."
        }
      ],
      "affected": [
        {
          "vendor": "atjiu",
          "product": "pybbs",
          "versions": [
            {
              "version": "6.0.0",
              "status": "affected"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Cross Site Scripting",
              "cweId": "CWE-79",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Code Injection",
              "cweId": "CWE-94",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://vuldb.com/?id.352020",
          "name": "VDB-352020 | atjiu pybbs TopicApiController.java create cross site scripting",
          "tags": [
            "vdb-entry",
            "technical-description"
          ]
        },
        {
          "url": "https://vuldb.com/?ctiid.352020",
          "name": "VDB-352020 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ]
        },
        {
          "url": "https://vuldb.com/?submit.773779",
          "name": "Submit #773779 | atjiu pybbs 6.0.0 Improper Neutralization of Alternate XSS Syntax",
          "tags": [
            "third-party-advisory"
          ]
        },
        {
          "url": "https://fx4tqqfvdw4.feishu.cn/docx/EKVgdqWIzo70C0xB5jxcb4IZnre?from=from_copylink",
          "tags": [
            "exploit"
          ]
        }
      ],
      "metrics": [
        {},
        {
          "cvssV3_1": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
            "baseScore": 3.5,
            "baseSeverity": "LOW"
          }
        },
        {
          "cvssV3_0": {
            "version": "3.0",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
            "baseScore": 3.5,
            "baseSeverity": "LOW"
          }
        },
        {
          "cvssV2_0": {
            "version": "2.0",
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
            "baseScore": 4
          }
        }
      ],
      "timeline": [
        {
          "time": "2026-03-20T00:00:00.000Z",
          "lang": "en",
          "value": "Advisory disclosed"
        },
        {
          "time": "2026-03-20T01:00:00.000Z",
          "lang": "en",
          "value": "VulDB entry created"
        },
        {
          "time": "2026-03-20T09:43:51.000Z",
          "lang": "en",
          "value": "VulDB entry last update"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "xcxr (VulDB User)",
          "type": "reporter"
        }
      ]
    }
  }
}