Product is in End Of Life phase and will not receive any updates. However, deleting info.php file mitigates the vulnerability,
Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Tue, 23 Jun 2026 21:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Drimo
Drimo drimo Cms |
|
| Vendors & Products |
Drimo
Drimo drimo Cms |
Tue, 23 Jun 2026 14:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Tue, 23 Jun 2026 13:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | DRIMO CMS is vulnerable to Reflected XSS via q parameter in searching functionality. An attacker can prepare an URL that, when opened, results in arbitrary JavaScript execution in the victim's browser. Product is in End Of Life phase and will not receive any updates. However, deleting info.php file mitigates the vulnerability, | |
| Title | Reflected XSS in DRIMO CMS | |
| Weaknesses | CWE-79 | |
| References |
| |
| Metrics |
cvssV4_0
|
Status: PUBLISHED
Assigner: CERT-PL
Published:
Updated: 2026-06-23T13:58:49.034Z
Reserved: 2026-06-09T11:47:40.000Z
Link: CVE-2026-11772
Updated: 2026-06-23T13:58:45.640Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-06-24T12:00:05Z