XSS in Sanoma Clickedu
CVE-2026-5010
A reflected Cross-Site Scripting (XSS) vulnerability has been discovered in Clickedu. This vulnerability allows an attacker to execute JavaScript code in the victim’s browser by sending them a malicious URL using the endpoint “/user.php/”…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.001 (21.7th percentile) — read the EPSS interpretation.
Affected products
- Sanoma Clickedu — versions 0, 5.1
Weakness classification (CWE)
References
- cve-coordination@incibe.es (patch)