CVE-2026-2947
Received Received - Intake
Remote XSS in rymcu forest User Profile Handler up to

Publication date: 2026-02-22

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability was detected in rymcu forest up to 0.0.5. This affects the function updateUserInfo of the file - src/main/java/com/rymcu/forest/web/api/user/UserInfoController.java of the component User Profile Handler. The manipulation results in cross site scripting. The attack can be executed remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-22
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-02-22
EPSS Evaluated
2026-06-14
NVD
CVE-2026-2947
EUVD
EUVD-2026-7685
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
rymcu forest to 0.0.5 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CWE-94 The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2026-2947 is a cross-site scripting (XSS) vulnerability found in the rymcu forest software, versions up to 0.0.5. It exists in the function updateUserInfo within the UserInfoController.java file, part of the User Profile Handler component.'}, {'type': 'paragraph', 'content': 'The vulnerability occurs because the application fails to properly neutralize user-controllable input before including it in web page output, allowing attackers to inject malicious JavaScript code.'}, {'type': 'paragraph', 'content': "This can be exploited remotely by manipulating input parameters in the updateUserInfo function, requiring some user interaction. The injected script can execute when other users view the attacker's profile."}] [1, 2]

Impact Analysis

This vulnerability can impact you by allowing remote attackers to execute malicious JavaScript code in the context of your web application.

Such cross-site scripting attacks can compromise data integrity and potentially lead to unauthorized actions performed on behalf of users, session hijacking, or theft of sensitive information.

Because the vulnerability is in the user profile update functionality, attackers can inject scripts that execute when other users view the compromised profiles, affecting multiple users.

Compliance Impact

I don't know

Detection Guidance

This vulnerability is a stored Cross-Site Scripting (XSS) issue in the updateUserInfo function of the UserInfoController.java file in rymcu forest up to version 0.0.5. Detection involves identifying malicious JavaScript code injected into user profile fields, especially signature fields.

Since the exploit is publicly available and the attack requires user interaction, detection can be performed by monitoring HTTP requests and responses involving the updateUserInfo endpoint for suspicious input patterns or scripts.

Specific commands are not provided in the available resources. However, general detection methods include:

  • Using web application scanners or proxy tools (e.g., Burp Suite) to intercept and analyze requests to the updateUserInfo API for injected scripts.
  • Searching server logs or database entries for suspicious JavaScript code in user profile fields.
  • Employing security tools that detect XSS payloads in web application inputs.
Mitigation Strategies

No official mitigations or patches have been published by the vendor, and the vendor did not respond to the disclosure.

Immediate steps to mitigate this vulnerability include:

  • Avoid using the affected version (0.0.5 and earlier) of rymcu forest if possible.
  • Consider replacing the affected product with an alternative that does not have this vulnerability.
  • Implement input validation and output encoding on the updateUserInfo function to neutralize user-controllable input before rendering it in web pages.
  • Restrict user privileges to limit the ability to inject malicious scripts.
  • Monitor for suspicious activity related to user profile updates.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-2947. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart