CVE-2026-30919
Stored XSS in facileManager fmDNS Module Before
Publication date: 2026-03-10
Last updated on: 2026-03-13
Assigner: GitHub, Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| facilemanager | facilemanager | up to 6.0.4 (excluding) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-30919 is a high-severity Stored Cross-Site Scripting (XSS) vulnerability affecting the facileManager/fmdns module, specifically versions up to 5.4.4, with a patch available in version 6.0.4.

Stored XSS occurs when untrusted input is improperly handled and embedded in HTTP responses, allowing malicious scripts to persist and execute in users' browsers.

In this case, the vulnerability is present in multiple locations within the application, with the most critical being the "User Comment" field in the Edit Profile section.

An attacker with low privileges can exploit this by injecting malicious payloads into input fields, which then execute when the affected pages are viewed. [1]
How can this vulnerability impact me?
This vulnerability can lead to unauthorized content modification, data theft, and browser control hijacking.

Because the injected scripts execute in the context of the victim's browser, attackers can steal sensitive information, manipulate displayed content, or perform actions on behalf of the user. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing input fields in the facileManager/fmdns module for stored XSS payloads, especially in the User Comment field in the Edit Profile section and other vulnerable input points such as Template Name fields and Image Branding settings.

A practical approach is to inject known XSS payloads like `" onfocus=alert(document.domain) />` into these fields and then revisit the pages or access the admin panel to see if the payload executes.

While no specific commands are provided, you can use tools such as curl or automated web vulnerability scanners to submit payloads and monitor HTTP responses or browser behavior for script execution. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading the facileManager/fmdns module to version 6.0.4 or later where the vulnerability is fixed.
- Implement strict input filtering to allow only expected valid input at the point of data reception.
- Apply proper output encoding tailored to the context (HTML, URL, JavaScript, CSS) to prevent execution of injected scripts.
- Use appropriate HTTP response headers such as Content-Type and X-Content-Type-Options to enforce correct content interpretation.
- Implement a Content Security Policy (CSP) as a defense-in-depth measure to limit the impact of any residual XSS vulnerabilities.
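As an added example (not code from facileManager or from this advisory), the context-tailored output encoding step above applied to the detection payload quoted earlier: the vulnerable rendering beside the hardened one, plus a round-trip check that the stored comment survives as data rather than as markup. The `value=""` template fragment and the header values are assumptions.

```python
import html
import re

# Constructed sample of a stored "User Comment" value, using the attribute
# breakout payload quoted in the detection guidance above.
SAMPLE_COMMENT = '" onfocus=alert(document.domain) />'

# Assumed template fragment: the comment is reflected into a value="" attribute.
_TEMPLATE = '<input type="text" name="user_comment" value="{}">'


def render_comment_unsafe(comment: str) -> str:
    """Vulnerable pattern (CWE-79): only &, < and > are escaped, so a double
    quote in the stored value closes the attribute early and the remainder
    becomes a new event-handler attribute on the element."""
    return _TEMPLATE.format(html.escape(comment, quote=False))


def render_comment_safe(comment: str) -> str:
    """Hardened form: quote-aware encoding for the HTML attribute context
    (the PHP equivalent is htmlspecialchars($v, ENT_QUOTES, 'UTF-8'))."""
    return _TEMPLATE.format(html.escape(comment, quote=True))


def value_round_trips(rendered: str, comment: str) -> bool:
    """Regression check: the value attribute must decode back to exactly the
    stored comment. If a quote escaped the attribute, the captured value is
    truncated and the check fails."""
    match = re.search(r'value="([^"]*)"', rendered)
    return match is not None and html.unescape(match.group(1)) == comment


def hardening_headers() -> dict:
    """Assumed defense-in-depth response headers from the mitigation list:
    a fixed content type, no MIME sniffing, and a CSP without inline scripts."""
    return {
        "Content-Type": "text/html; charset=utf-8",
        "X-Content-Type-Options": "nosniff",
        "Content-Security-Policy": "default-src 'self'; script-src 'self'; object-src 'none'",
    }


if __name__ == "__main__":
    for name, render in (("unsafe", render_comment_unsafe), ("safe", render_comment_safe)):
        out = render(SAMPLE_COMMENT)
        print(f"{name}: {out}\n  round-trips as data: {value_round_trips(out, SAMPLE_COMMENT)}")
```

The same round-trip check can be run against each stored field the advisory lists (User Comment, Template Name, Image Branding) to confirm the fix covers every reflection point.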