Security Advisory

CVE-2026-34748

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-04-01 19:48:10

Last updated 2026-04-02 16:24:38

Assigner GitHub_M

State PUBLISHED

Description

Payload is a free and open source headless content management system. Prior to version 3.78.0 in @payloadcms/next, a stored Cross-Site Scripting (XSS) vulnerability existed in the admin panel. An authenticated user with write access to a collection could save content that, when viewed by another user, would execute in their browser. This issue has been patched in version 3.78.0.

← Browse all CVEs View on cve.org ↗