CVE-2026-25200 – MagicInfo9 Server Stored XSS

CVE ID : CVE-2026-25200

Published : Feb. 2, 2026, 4:49 a.m. | 26 minutes ago

Description : A vulnerability in MagicInfo9 Server allows authorized users to upload HTML files without authentication, leading to Stored XSS, which can result in account takeover

This issue affects MagicINFO 9 Server: less than 21.1090.1.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-25202 – MagicInfo9 Server Hardcoded Database Credentials Vulnerability

CVE-2026-25201 – MagicInfo9 Server Remote File Upload RCE

CVE-2026-24788 – RaspAP RaspAP OS Command Injection Vulnerability

CVE-2026-1744 – D-Link DSL-6641K sp_pppoe_user.js doSubmitPPP cross site scripting