CVE-2026-2947 | rymcu forest up to 0.0.5 User Profile UserInfoController.java updateUserInfo cross site scripting

Full Article URL: https://vuldb.com/?id.347317
Textarea URL (this page): <a href="https://textarea.nl/i/eNrLKCkpKLbS1y8rzUlJ0kvOz9W3z0zRMzYxNzY0BwCQQwj4_2026-02-21">https://textarea.nl/i/eNrLKCkpKLbS1y8rzUlJ0kvOz9W3z0zRMzYxNzY0BwCQQwj4_2026-02-21
Source: https://vuldb.com/?rss.recent
Vuldb: https://vuldb.com
Publication date: 2026-02-21 18:47:14
Last retrieval: 2026-02-21 20:46:19.174186

18:47 - 21 Feb 2026

vuldb.com

A vulnerability was found in rymcu forest up to 0.0.5 and classified as problematic. This affects the function updateUserInfo of the file - src/main/java/com/rymcu/forest/web/api/user/UserInfoController.java of the component User Profile Handler. The manipulation results in cross site scripting. This vulnerability is identified as CVE-2026-2947. The attack can be executed remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.

https://vuldb.com/?id.347317

Article info: