CVE-2026-2825 | rachelos WeRSS we-mp-rss up to 1.4.8 Article tools/fix.py fix_html cross site scripting

Full Article URL: https://vuldb.com/?id.346950
Textarea URL (this page): <a href="https://textarea.nl/i/eNrLKCkpKLbS1y8rzUlJ0kvOz9W3z0zRMzYxszQ1AACQUgj6_2026-02-19">https://textarea.nl/i/eNrLKCkpKLbS1y8rzUlJ0kvOz9W3z0zRMzYxszQ1AACQUgj6_2026-02-19
Source: https://vuldb.com/?rss.recent
Vuldb: https://vuldb.com
Publication date: 2026-02-19 18:29:51
Last retrieval: 2026-02-19 20:46:21.528236

18:29 - 19 Feb 2026

vuldb.com

A vulnerability, which was classified as problematic, has been found in rachelos WeRSS we-mp-rss up to 1.4.8. This impacts the function fix_html of the file tools/fix.py of the component Article Module. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2026-2825. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

https://vuldb.com/?id.346950

Article info: