CVE-2026-4510
Cross-Site Scripting in PbootCMS Parameter Handler (alert_location
Publication date: 2026-03-21
Last updated on: 2026-04-29
Assigner: VulDB
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| pbootcms | pbootcms | to 3.2.12 (inc) |
| zzj-create | pbootcms | to 3.2.12 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-4510 is a vulnerability in PbootCMS version 3.2.12 involving the improper handling of the `backurl` parameter in the member login flow.

The vulnerability occurs because the application accepts the `backurl` parameter and uses it directly as a redirect target after login without validating or sanitizing it.

Additionally, this parameter is embedded inside JavaScript code without proper encoding, which allows attackers to inject malicious scripts.

This leads to two main issues: an open redirect, where users can be redirected to attacker-controlled sites, and reflected Cross-Site Scripting (XSS), where arbitrary JavaScript can be executed in the victim's browser. [1]
How can this vulnerability impact me?
This vulnerability can have several impacts on users and organizations.
- Phishing attacks: Attackers can redirect users to malicious websites after login, tricking them into revealing sensitive information.
- Session theft and browser-based attacks: The reflected XSS allows attackers to execute arbitrary JavaScript in the victim's browser, potentially stealing session cookies or performing actions on behalf of the user.
- Loss of user trust and potential compromise of user accounts due to these attacks. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing the `backurl` parameter in the member login flow for open redirect and reflected XSS behavior.
- Send HTTP requests to the `/member/login` endpoint with crafted `backurl` values such as a malicious URL or JavaScript payload.
- Example command using curl to test open redirect: `curl -i "http://targetsite/member/login?backurl=https://evil.example.com/phishing"`
- Check if the response redirects to the attacker-controlled domain.
- Example command using curl to test reflected XSS: `curl -i "http://targetsite/member/login?backurl=\";alert(document.cookie);//"`
- Inspect the HTTP response for injected JavaScript code execution or reflected payload.

Additionally, static code analysis can be performed to trace the use of the `backurl` parameter in the source code, especially in the `apps/home/controller/MemberController.php` file. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting the redirect targets and improving input validation and output encoding.
- Restrict redirect targets to relative internal URLs or enforce a strict allowlist of safe URLs for the `backurl` parameter.
- Apply context-aware output encoding when embedding user input into JavaScript contexts to prevent injection.
- Prefer server-side HTTP redirects instead of generating inline JavaScript for redirection.
These steps help prevent open redirect and reflected XSS attacks by ensuring user-controlled input is properly validated and safely handled.
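The three mitigation steps above, worked through as an added PHP example. This is illustrative code written for this page, not PbootCMS's own code or its fix; the function names, the `/member/index` fallback path and the allowlisted host are assumptions. It validates `backurl` down to a same-site path (or an explicitly allowlisted host), performs the redirect with a server-side `Location` header instead of generating inline JavaScript, and shows the JavaScript-context encoding to use if a value ever must be placed in a script block.

```php
<?php
// Added example, not PbootCMS code. Names and paths below are assumptions.

/**
 * Return $backurl only if it is a path-only, same-site target; otherwise $default.
 * Rejects absolute URLs (any scheme), scheme-relative "//host" and "/\host" forms,
 * and control characters that could split the Location header.
 */
function safeBackUrl(?string $backurl, string $default = '/member/index'): string
{
    if ($backurl === null || $backurl === '') {
        return $default;
    }
    // CR/LF or other control characters: header injection risk.
    if (preg_match('/[\x00-\x1F\x7F]/', $backurl)) {
        return $default;
    }
    // Must start with exactly one "/" that is not followed by "/" or "\"
    // (browsers treat both "//host" and "/\host" as scheme-relative URLs).
    if (!preg_match('#^/(?![/\\\\])#', $backurl)) {
        return $default;
    }
    // Anything parse_url() reads as a scheme or host is not a relative path.
    $parts = parse_url($backurl);
    if ($parts === false || isset($parts['scheme']) || isset($parts['host'])) {
        return $default;
    }
    return $backurl;
}

/**
 * Strict allowlist check for the rare case where a cross-host return is required.
 * Only http/https and an exact, case-insensitive host match are accepted.
 */
function isAllowedHost(string $url, array $allowedHosts): bool
{
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme']) || !isset($parts['host'])) {
        return false;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return false;
    }
    $hosts = array_map('strtolower', $allowedHosts);
    return in_array(strtolower($parts['host']), $hosts, true);
}

/**
 * Context-aware encoding for a JavaScript string context. json_encode() with the
 * HEX flags yields a quoted JS string literal in which quotes, <, >, & and '
 * are \u-escaped, so the value can neither break out of the literal nor close
 * a <script> element. Invalid UTF-8 is substituted rather than failing.
 */
function jsStringLiteral(string $value): string
{
    return json_encode(
        $value,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_INVALID_UTF8_SUBSTITUTE
    );
}

/**
 * Login success handler: server-side HTTP redirect, no inline script.
 * $request stands in for the framework's request accessor (assumption).
 */
function redirectAfterLogin(array $request): void
{
    $target = safeBackUrl($request['backurl'] ?? null);
    header('Location: ' . $target, true, 302);
    exit;
}

// Constructed sample inputs showing what the validator lets through and what it replaces.
if (PHP_SAPI === 'cli') {
    $samples = [
        '/member/profile',                  // kept
        '/member/profile?tab=1#top',        // kept
        'https://evil.example.com/phish',   // replaced by default
        '//evil.example.com/',              // replaced (scheme-relative)
        '/\\evil.example.com',              // replaced (backslash variant)
        "/member\r\nSet-Cookie: x=1",       // replaced (header injection)
        '";alert(document.cookie);//',      // replaced (no leading "/")
    ];
    foreach ($samples as $s) {
        printf("%-40s -> %s\n", json_encode($s), safeBackUrl($s));
    }
    echo jsStringLiteral('";alert(1);//</script>'), PHP_EOL;
    var_dump(isAllowedHost('https://sso.example.com/return', ['sso.example.com']));
}
```

When PbootCMS needs a return-to-page feature, the path-only rule is almost always enough, since the login flow only ever returns to the same site; `isAllowedHost()` is there for the case where a specific partner host is genuinely required, and it compares the parsed host exactly rather than by prefix or substring. Whatever validation is chosen, the redirect itself should be emitted with `header('Location: ...')`, which removes the JavaScript context that made the reflected XSS possible in the first place.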