{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-30162", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-03-26T18:11:39.146Z", "dateReserved": "2026-03-04T00:00:00.000Z", "datePublished": "2026-03-26T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-26T13:54:21.437Z"}, "descriptions": [{"lang": "en", "value": "Cross Site Scripting (xss) vulnerability in Timo 2.0.3 via crafted links in the title field."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/auntvt/Timo/issues/10"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-79", "lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-26T18:11:05.095563Z", "id": "CVE-2026-30162", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-26T18:11:39.146Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-30162", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-26T18:11:05.095563Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-26T18:11:30.787Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/auntvt/Timo/issues/10"}], "descriptions": [{"lang": "en", "value": "Cross Site Scripting (xss) vulnerability in Timo 2.0.3 via crafted links in the title field."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-26T13:54:21.437Z"}}}, "cveMetadata": {"cveId": "CVE-2026-30162", "state": "PUBLISHED", "dateUpdated": "2026-03-26T18:11:39.146Z", "dateReserved": "2026-03-04T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-03-26T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:auntvt:timo:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "47BB5F2F-7D3C-4A80-ADDC-AF8938CA39DB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cross Site Scripting (xss) vulnerability in Timo 2.0.3 via crafted links in the title field."}, {"lang": "es", "value": "Vulnerabilidad de Cross Site Scripting (XSS) en Timo 2.0.3 mediante enlaces manipulados en el campo de t\u00edtulo."}], "id": "CVE-2026-30162", "lastModified": "2026-03-31T21:08:50.230", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-26T15:16:36.600", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory", "Issue Tracking"], "url": "https://github.com/auntvt/Timo/issues/10"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "2.0.3"}}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "timo", "vendor": "auntvt"}], "analysis": {"en": {"generated_at": "2026-04-01T05:45:34.068955+00:00", "value": {"mitigation_remediation": ["Check the vendor\u2019s website for an updated release of Timo that addresses the XSS issue; if available, upgrade immediately.", "If no patch is available, sanitize the title input by escaping or removing URLs before storing or displaying it.", "Implement a Content Security Policy that restricts the loading of external scripts and resources.", "Disable or limit the ability for users to include links in the title field through configuration or UI changes.", "Continuously monitor for new advisories or patches related to this vulnerability and apply them as soon as they become available."], "summary": {"action": "Apply Patch", "impact": "Cross\u2011Site Scripting (XSS)"}, "threat_synthesis": {"affected_systems": "The vulnerability affects Timo version 2.0.3 developed by AuntVT. No other vendors or product versions are listed.", "description_and_impact": "An attacker can inject arbitrary URLs into the title field of Timo 2.0.3, causing the stored value to be rendered with executable JavaScript in a user\u2019s browser. This vulnerable input handling enables cross\u2011site scripting, which could lead to theft of session tokens, defacement, or the execution of malicious code in the context of a legitimate user\u2019s session.", "risk_and_exploitability": "The CVSS score of 6.1 indicates moderate severity, while the EPSS score of less than 1% suggests a low probability of exploitation in the wild. The issue is not listed in CISA\u2019s KEV catalog, and no active public exploits have been reported. The attack vector is inferred to be a local user or an authenticated actor who can create or edit titles, leading to stored XSS in other users\u2019 browsers."}}}}, "created": "2026-03-27T08:36:27.536907+00:00", "updated": "2026-04-02T07:59:01.578779+00:00", "vendors": ["auntvt", "auntvt$PRODUCT$timo"]}