CVE-2026-27116
MEDIUM6.1EPSS 0.01%Vikunja has Reflected HTML Injection via filter Parameter in its Projects Module in code.vikunja.io/api
Published: 2/25/2026Modified: 3/9/2026
Description
Vikunja has Reflected HTML Injection via filter Parameter in its Projects Module in code.vikunja.io/api
Affected packages (2)
- Go/code.vikunja.io/apifrom 0, <= 0.24.6
- Go/code.vikunja.io/apifrom 0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
References (7)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2026-27116
- PATCHhttps://github.com/go-vikunja/vikunja
- WEBhttps://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Scripting_Prevention_Cheat_Sheet.html
- WEBhttps://github.com/go-vikunja/vikunja/commit/a42b4f37bde58596a3b69482cd5a67641a94f62d
- WEBhttps://github.com/go-vikunja/vikunja/releases/tag/v2.0.0
- WEBhttps://github.com/go-vikunja/vikunja/security/advisories/GHSA-4qgr-4h56-8895
- WEBhttps://vikunja.io/changelog/vikunja-v2.0.0-was-released