Security Advisory

CVE-2026-40472

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-04-23 15:00:09

Last updated 2026-04-23 16:22:06

Assigner redhat-cnalr

State PUBLISHED

Description

In hackage-server, user-controlled metadata from .cabal files are rendered into HTML href attributes without proper sanitization, enabling stored Cross-Site Scripting (XSS) attacks.

← Browse all CVEs View on cve.org ↗