What is CVE-2026-6743?

CVE-2026-6743 is a low-severity vulnerability in Websystems Webtotum, classified under Cross-site Scripting. CVSS score: 3.5/10. Published 2026-04-21.

How severe is CVE-2026-6743?

Low severity. CVSS v3 base score is 3.5 out of 10.

RCE in Websystems Webtotum

CVE-2026-6743

A vulnerability has been found in WebSystems WebTOTUM 2026. This impacts an unknown function of the component Calendar. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.000 (11.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 3.5 (Low). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N.

Affected products

Websystems Webtotum — versions 2026

Weakness classification (CWE)

References

VDB-358434 | WebSystems WebTOTUM Calendar cross site scripting (vdb-entry)
VDB-358434 | CTI Indicators (IOB, IOC, TTP) (signature, permissions-required)
Submit #794617 | WebSystems WebTOTUM (2026) Cross Site Scripting (third-party-advisory)
cna@vuldb.com (exploit)
cna@vuldb.com (patch)

Frequently asked questions

What is CVE-2026-6743?: CVE-2026-6743 is a low-severity vulnerability in Websystems Webtotum, classified under Cross-site Scripting. CVSS score: 3.5/10. Published 2026-04-21.
How severe is CVE-2026-6743?: Low severity. CVSS v3 base score is 3.5 out of 10.