XSS in Stel Order
CVE-2026-5790
Stored Cross-Site Scripting (XSS) in Stel Order v3.25.1 and earlier, located at the ‘/app/FrontController’ endpoint via the ‘legalName’ and ‘employeeID’ parameters. The lack of proper input sanitization allows an attacker to inject malicio…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.001 (19.5th percentile)
Affected products
- Stel Order — versions 0