CVE-2026-27787
Cross-Site Scripting in MATCHA SNS 1.3.9 Allows Script Execution
Publication date: 2026-04-08
Last updated on: 2026-04-17
Assigner: JPCERT/CC
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| icz | matcha_sns | to 1.3.9 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability is a cross-site scripting (XSS) issue in ζΉθΆSNS versions 1.3.9 and earlier, where authenticated users can inject malicious scripts into profile names or file names. Detection involves checking if your system is running an affected version of ζΉθΆSNS.
To detect the vulnerability on your system, first verify the version of ζΉθΆSNS installed. If it is version 1.3.9 or earlier, your system is vulnerable.
There are no specific commands provided in the resources to detect exploitation attempts or scan for this vulnerability directly.
A practical approach is to check the version by inspecting the application files or querying the application version via its interface or command line if supported.
Additionally, monitoring web traffic for suspicious script injections in profile names or file names could help detect exploitation attempts, but no specific commands or tools are mentioned.
Can you explain this vulnerability to me?
CVE-2026-27787 is a cross-site scripting (XSS) vulnerability found in MATCHA SNS versions 1.3.9 and earlier.
This flaw allows authenticated users to inject malicious scripts into profile names or file names.
When other users access these profiles or files, the malicious scripts execute in their web browsers.
How can this vulnerability impact me? :
Exploitation of this vulnerability can lead to theft of cookies from logged-in users.
This enables attackers to impersonate user accounts and manipulate page content.
What immediate steps should I take to mitigate this vulnerability?
To mitigate the CVE-2026-27787 cross-site scripting vulnerability in ζΉθΆSNS versions 1.3.9 and earlier, users should promptly update to ζΉθΆSNS version 1.3.10, which contains fixes preventing unauthorized script execution in users' browsers.
It is recommended to download the latest version from the official product download page and follow the upgrade instructions provided in the developer blog.
Additionally, users of the open-source version running on PHP 5.6 should consider migrating to the paid version supporting PHP 8.2 with enhanced security, as the open-source version is no longer officially supported for production.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows authenticated users to inject malicious scripts that can execute in other users' browsers, potentially leading to theft of cookies, account impersonation, and manipulation of page content.
Such unauthorized access and manipulation of user data could negatively impact compliance with data protection regulations like GDPR and HIPAA, which require safeguarding personal data and preventing unauthorized access.
However, the provided information does not explicitly discuss the impact of this vulnerability on compliance with these or other common standards and regulations.