CVE-2026-30919

facileManager is a modular suite of web apps built with the sysadmin in mind. Prior to 6.0.4 , stored XSS (also known as persistent or second-order XSS) occurs when an application receives data from an untrusted source and includes that data in its subsequent HTTP responses in an unsafe manner. This vulnerability was found in the fmDNS module. This vulnerability is fixed in 6.0.4.

CVSS v3 7.6 HIGH

7.6^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.1 / Impact : 5.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://github.com/facileManager/facileManager/security/advisories/GHSA-2339-h9qw-q6vf	Exploit Mitigation Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:facilemanager:facilemanager:*:*:*:*:*:*:*:*

History

13 Mar 2026, 14:51

Type	Values Removed	Values Added
References	~~() https://github.com/facileManager/facileManager/security/advisories/GHSA-2339-h9qw-q6vf -~~	() https://github.com/facileManager/facileManager/security/advisories/GHSA-2339-h9qw-q6vf - Exploit, Mitigation, Vendor Advisory
Summary		(es) facileManager es una suite modular de aplicaciones web construida pensando en el administrador de sistemas. Antes de 6.0.4, el XSS almacenado (también conocido como XSS persistente o de segundo orden) ocurre cuando una aplicación recibe datos de una fuente no confiable e incluye esos datos en sus respuestas HTTP subsiguientes de manera insegura. Esta vulnerabilidad fue encontrada en el módulo fmDNS. Esta vulnerabilidad está corregida en 6.0.4.
First Time		Facilemanager Facilemanager facilemanager
CPE		cpe:2.3:a:facilemanager:facilemanager::::::::

10 Mar 2026, 17:40

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-10 17:40

Updated : 2026-03-13 14:51

NVD link : CVE-2026-30919

Mitre link : CVE-2026-30919

CVE.ORG link : CVE-2026-30919

JSON object : View

Products Affected

facilemanager

facilemanager

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2026-30919", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.5, "exploitabilityScore": 2.1}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2026-03-10T17:40:15.837", "references": [{"url": "https://github.com/facileManager/facileManager/security/advisories/GHSA-2339-h9qw-q6vf", "tags": ["Exploit", "Mitigation", "Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "facileManager is a modular suite of web apps built with the sysadmin in mind. Prior to 6.0.4 , stored XSS (also known as persistent or second-order XSS) occurs when an application receives data from an untrusted source and includes that data in its subsequent HTTP responses in an unsafe manner. This vulnerability was found in the fmDNS module. This vulnerability is fixed in 6.0.4."}, {"lang": "es", "value": "facileManager es una suite modular de aplicaciones web construida pensando en el administrador de sistemas. Antes de 6.0.4, el XSS almacenado (tambi\u00e9n conocido como XSS persistente o de segundo orden) ocurre cuando una aplicaci\u00f3n recibe datos de una fuente no confiable e incluye esos datos en sus respuestas HTTP subsiguientes de manera insegura. Esta vulnerabilidad fue encontrada en el m\u00f3dulo fmDNS. Esta vulnerabilidad est\u00e1 corregida en 6.0.4."}], "lastModified": "2026-03-13T14:51:44.140", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:facilemanager:facilemanager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ACF32B72-7187-4B8C-B452-67ACBA089B76", "versionEndExcluding": "6.0.4"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}