XSS in Wakyma Application Web

CVE-2026-3024

Stored Cross-Site Scripting (XSS) vulnerability in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/configuracion/agenda/modelo-formulario-evento'. A user with permission to create personalized accounts could explo…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.000 (12.0th percentile) — read the EPSS interpretation.

Affected products

Wakyma Application Web — versions all versions

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-wakyma-appl… (patch)