{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-2545", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-02-15T16:00:20.235Z", "datePublished": "2026-02-16T07:32:08.515Z", "dateUpdated": "2026-02-23T10:07:15.711Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-23T10:07:15.711Z"}, "title": "LigeroSmart index.pl cross site scripting", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-79", "lang": "en", "description": "Cross Site Scripting"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-94", "lang": "en", "description": "Code Injection"}]}], "affected": [{"vendor": "n/a", "product": "LigeroSmart", "versions": [{"version": "6.1.0", "status": "affected"}, {"version": "6.1.1", "status": "affected"}, {"version": "6.1.2", "status": "affected"}, {"version": "6.1.3", "status": "affected"}, {"version": "6.1.4", "status": "affected"}, {"version": "6.1.5", "status": "affected"}, {"version": "6.1.6", "status": "affected"}, {"version": "6.1.7", "status": "affected"}, {"version": "6.1.8", "status": "affected"}, {"version": "6.1.9", "status": "affected"}, {"version": "6.1.10", "status": "affected"}, {"version": "6.1.11", "status": "affected"}, {"version": "6.1.12", "status": "affected"}, {"version": "6.1.13", "status": "affected"}, {"version": "6.1.14", "status": "affected"}, {"version": "6.1.15", "status": "affected"}, {"version": "6.1.16", "status": "affected"}, {"version": "6.1.17", "status": "affected"}, {"version": "6.1.18", "status": "affected"}, {"version": "6.1.19", "status": "affected"}, {"version": "6.1.20", "status": "affected"}, {"version": "6.1.21", "status": "affected"}, {"version": "6.1.22", "status": "affected"}, {"version": "6.1.23", "status": "affected"}, {"version": "6.1.24", "status": "affected"}, {"version": "6.1.25", "status": "affected"}, {"version": "6.1.26", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A weakness has been identified in LigeroSmart up to 6.1.26. Impacted is an unknown function of the file /otrs/index.pl?Action=AgentTicketSearch. This manipulation of the argument Profile causes cross site scripting. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.1, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-02-15T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-02-15T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-02-20T07:24:21.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Samara Gama - igobysamy (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.346154", "name": "VDB-346154 | LigeroSmart index.pl cross site scripting", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.346154", "name": "VDB-346154 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.749758", "name": "Submit #749758 | LigeroSmart 6.1.26 Cross-Site Scripting (XSS) - Reflected XSS", "tags": ["third-party-advisory"]}, {"url": "https://github.com/LigeroSmart/ligerosmart/issues/282", "tags": ["issue-tracking"]}, {"url": "https://github.com/LigeroSmart/ligerosmart/issues/282#issue-3879165194", "tags": ["exploit", "issue-tracking"]}, {"url": "https://github.com/LigeroSmart/ligerosmart/", "tags": ["product"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-17T18:31:32.446433Z", "id": "CVE-2026-2545", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-17T18:31:41.311Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-2545", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-17T18:31:32.446433Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-17T18:31:36.897Z"}}], "cna": {"title": "LigeroSmart index.pl cross site scripting", "credits": [{"lang": "en", "type": "reporter", "value": "Samara Gama - igobysamy (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.5, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.5, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:UR"}}], "affected": [{"vendor": "n/a", "product": "LigeroSmart", "versions": [{"status": "affected", "version": "6.1.0"}, {"status": "affected", "version": "6.1.1"}, {"status": "affected", "version": "6.1.2"}, {"status": "affected", "version": "6.1.3"}, {"status": "affected", "version": "6.1.4"}, {"status": "affected", "version": "6.1.5"}, {"status": "affected", "version": "6.1.6"}, {"status": "affected", "version": "6.1.7"}, {"status": "affected", "version": "6.1.8"}, {"status": "affected", "version": "6.1.9"}, {"status": "affected", "version": "6.1.10"}, {"status": "affected", "version": "6.1.11"}, {"status": "affected", "version": "6.1.12"}, {"status": "affected", "version": "6.1.13"}, {"status": "affected", "version": "6.1.14"}, {"status": "affected", "version": "6.1.15"}, {"status": "affected", "version": "6.1.16"}, {"status": "affected", "version": "6.1.17"}, {"status": "affected", "version": "6.1.18"}, {"status": "affected", "version": "6.1.19"}, {"status": "affected", "version": "6.1.20"}, {"status": "affected", "version": "6.1.21"}, {"status": "affected", "version": "6.1.22"}, {"status": "affected", "version": "6.1.23"}, {"status": "affected", "version": "6.1.24"}, {"status": "affected", "version": "6.1.25"}, {"status": "affected", "version": "6.1.26"}]}], "timeline": [{"lang": "en", "time": "2026-02-15T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-02-15T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-02-20T07:24:21.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.346154", "name": "VDB-346154 | LigeroSmart index.pl cross site scripting", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.346154", "name": "VDB-346154 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.749758", "name": "Submit #749758 | LigeroSmart 6.1.26 Cross-Site Scripting (XSS) - Reflected XSS", "tags": ["third-party-advisory"]}, {"url": "https://github.com/LigeroSmart/ligerosmart/issues/282", "tags": ["issue-tracking"]}, {"url": "https://github.com/LigeroSmart/ligerosmart/issues/282#issue-3879165194", "tags": ["exploit", "issue-tracking"]}, {"url": "https://github.com/LigeroSmart/ligerosmart/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A weakness has been identified in LigeroSmart up to 6.1.26. Impacted is an unknown function of the file /otrs/index.pl?Action=AgentTicketSearch. This manipulation of the argument Profile causes cross site scripting. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "Cross Site Scripting"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "Code Injection"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-23T10:07:15.711Z"}}}, "cveMetadata": {"cveId": "CVE-2026-2545", "state": "PUBLISHED", "dateUpdated": "2026-02-23T10:07:15.711Z", "dateReserved": "2026-02-15T16:00:20.235Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-02-16T07:32:08.515Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ligerosmart:ligerosmart:*:*:*:*:*:*:*:*", "matchCriteriaId": "A6446F8A-7F90-4333-A60D-2CAAC185002A", "versionEndIncluding": "6.1.26", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A weakness has been identified in LigeroSmart up to 6.1.26. Impacted is an unknown function of the file /otrs/index.pl?Action=AgentTicketSearch. This manipulation of the argument Profile causes cross site scripting. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet."}, {"lang": "es", "value": "Se ha identificado una debilidad en LigeroSmart hasta 6.1.26. Afectada es una funci\u00f3n desconocida del archivo /otrs/index.pl?Action=AgentTicketSearch. Esta manipulaci\u00f3n del argumento Profile causa cross-site scripting. El ataque puede ser iniciado remotamente. El exploit ha sido puesto a disposici\u00f3n del p\u00fablico y podr\u00eda ser usado para ataques. El proyecto fue informado del problema tempranamente a trav\u00e9s de un informe de problema pero no ha respondido a\u00fan."}], "id": "CVE-2026-2545", "lastModified": "2026-04-29T01:00:01.613", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 2.0, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-02-16T08:16:05.587", "references": [{"source": "cna@vuldb.com", "tags": ["Product"], "url": "https://github.com/LigeroSmart/ligerosmart/"}, {"source": "cna@vuldb.com", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://github.com/LigeroSmart/ligerosmart/issues/282"}, {"source": "cna@vuldb.com", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://github.com/LigeroSmart/ligerosmart/issues/282#issue-3879165194"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.346154"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.346154"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.749758"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}, {"lang": "en", "value": "CWE-94"}], "source": "cna@vuldb.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "6.1.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "6.1.1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "6.1.2"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "6.1.3"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "6.1.4"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "6.1.5"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "6.1.6"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "6.1.7"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "6.1.8"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "6.1.9"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "6.1.10"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "6.1.11"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "6.1.12"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "6.1.13"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "6.1.14"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "6.1.15"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "6.1.16"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "6.1.17"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "6.1.18"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "6.1.19"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "6.1.20"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "6.1.21"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "6.1.22"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "6.1.23"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "6.1.24"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "6.1.25"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "6.1.26"}}], "product": "ligerosmart", "vendor": "ligerosmart"}], "analysis": {"en": {"generated_at": "2026-04-18T17:59:59.935674+00:00", "value": {"mitigation_remediation": ["Upgrade LigeroSmart to a version that contains the XSS fix, if one is available.", "Implement input validation or output encoding for the Profile query parameter to eliminate embedded JavaScript.", "Deploy a Web Application Firewall rule to block or filter suspicious payloads targeting the AgentTicketSearch endpoint."], "summary": {"action": "Apply Patch", "impact": "Cross\u2011Site Scripting"}, "threat_synthesis": {"affected_systems": "LigeroSmart products up to version 6.1.26 are affected. The vulnerability is present in all releases of version 6.1.26 and earlier.", "description_and_impact": "An improper handling of the Profile query parameter in the /otrs/index.pl?Action=AgentTicketSearch endpoint of LigeroSmart allows an attacker to inject arbitrary JavaScript into the generated web page. This cross\u2011site scripting flaw enables a remotely triggered attack that can be executed by visiting a crafted link. Because the victim\u2019s browser executes the payload, potential consequences include session hijacking, credential theft, or malicious interaction with the application. The flaw is classified as CWE\u201179 and also involves CWE\u201194 characteristics related to code injection through parameter manipulation.", "risk_and_exploitability": "The CVSS base score of 5.1 places the issue in the medium severity range. The EPSS score is lower than 1%, indicating a very low current exploitation possibility. The vulnerability is not listed in the CISA KEV catalog, so no confirmed attacks are reported. Attackers can trigger the flaw remotely by constructing a URL that includes a malicious value for the Profile parameter. Publicly available exploit code suggests that threat actors could deploy the attack once a fix is not applied."}}}}, "created": "2026-02-16T09:42:23.633973+00:00", "updated": "2026-04-18T18:00:06.473240+00:00", "vendors": ["ligerosmart", "ligerosmart$PRODUCT$ligerosmart"]}