Home

Description

Stored Cross Site Scripting in NightWolf Penetration Testing Platform allows attack trigger and run malicious script in user's browser

PUBLISHED Reserved 2026-04-13 | Published 2026-04-13 | Updated 2026-04-13 | Assigner FSOFT




MEDIUM: 6.3CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:N/SA:N

Problem types

CWE-79 Improper neutralization of input during web page generation ('cross-site scripting')

Product status

Default status
unaffected

2.1.5
affected

2.1.6
unaffected

Timeline

2026-04-11:The reporter submits the vulnerability to security_report@fpt.com.
2026-04-12:The security team verifies the issue and provides a fixing solution.
2026-04-13:The security team releases the fix, retests the issue, and closes the vulnerability.
2026-04-13:Assign a CVE to the reporter.

Credits

Phan Cong Anh Tuan (phanconganhtuan2003@gmail.com) finder

References

bug.report.night-wolf.io/changelogs

cve.org (CVE-2026-6179)

nvd.nist.gov (CVE-2026-6179)

Download JSON