XSS in Capgo
CVE-2026-56283
Capgo before 12.128.2 contains an html injection vulnerability in the organization settings endpoint that allows attackers to inject malicious HTML content. Attackers can craft payloads in the organization name field to redirect users to u…
Vulnerability class: XSS (Cross-Site Scripting)
CVSS v3 metric
CVSS v3 base score 5.4 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N.
Affected products
- Capgo — versions 0, 12.128.2
Weakness classification (CWE)
References
- disclosure@vulncheck.com (vendor-advisory)
- disclosure@vulncheck.com (third-party-advisory)
Frequently asked questions
- What is CVE-2026-56283?
- CVE-2026-56283 is a medium-severity vulnerability in Capgo, classified under Cross-site Scripting. CVSS score: 5.4/10. Published 2026-07-08.
- How severe is CVE-2026-56283?
- Medium severity. CVSS v3 base score is 5.4 out of 10.