CVE-2026-11772
Status: Deferred - Pending Action
Reflected XSS in DRIMO CMS via Search Parameter

Publication date: 2026-06-23

Last updated on: 2026-06-23

Assigner: CERT.PL

Description
DRIMO CMS is vulnerable to Reflected XSS via the q parameter in the search functionality. An attacker can prepare a URL that, when opened, results in arbitrary JavaScript execution in the victim's browser. The product is in its End Of Life phase and will not receive any updates. However, deleting the info.php file mitigates the vulnerability.
Meta Information
Published: 2026-06-23
Last Modified: 2026-06-23
Generated: 2026-06-23
AI Q&A: 2026-06-23
EPSS Evaluated: N/A
Affected Vendors & Products
Vendor: drimo
Product: drimo_cms
Version / Range: to 2021 (exclusive)
CWE
CWE-79: The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Executive Summary

CVE-2026-11772 is a Reflected Cross-Site Scripting (XSS) vulnerability in the DRIMO CMS software. It occurs via the 'q' parameter in the search functionality. An attacker can craft a specially prepared URL that, when opened by a victim, causes arbitrary JavaScript code to execute in the victim's browser.

The product is no longer supported and will not receive updates, but deleting the info.php file can mitigate this vulnerability.

Impact Analysis

This vulnerability allows an attacker to execute arbitrary JavaScript code in the browser of anyone who opens the maliciously crafted URL. This can lead to theft of sensitive information such as cookies, session tokens, or other private data accessible via the browser.

It can also enable attackers to perform actions on behalf of the victim, manipulate the website content, or redirect users to malicious sites.

Detection Guidance

The vulnerability is a Reflected Cross-Site Scripting (XSS) in the 'q' parameter of the search functionality in DRIMO CMS. Detection involves checking if the application improperly reflects input from the 'q' parameter back to the browser without proper sanitization.

One way to detect this is to manually test the search functionality by sending specially crafted URLs containing JavaScript payloads in the 'q' parameter and observing if the script executes in the browser.

Example command using curl to test the vulnerability:

  • curl -i "http://[target]/search?q=<script>alert('XSS')</script>"

If the response body echoes the script tag verbatim rather than HTML-entity encoded (for example as &lt;script&gt;), the q parameter is reflected without neutralization and the vulnerability is present.
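The reflection check described above, as an added example that is not part of the advisory or of the DRIMO CMS project: it probes q with a harmless unique marker instead of a script tag and classifies the response as unencoded, encoded or absent. The /search path, the marker value and the two stand-in render functions (which only imitate a search template so the check can run offline) are assumptions.

```python
import html
import urllib.request
from urllib.parse import urlencode, urlsplit, urlunsplit

# Constructed probe: a unique marker followed by the characters that break
# out of HTML text and attribute context. It carries no script, so a
# verbatim reflection only proves that q is echoed without encoding.
MARKER = "xsscheck7f3a"
PROBE = MARKER + "<\">'"


def build_probe_url(search_url: str) -> str:
    """Attach ?q=PROBE to the search endpoint (assumed here to be /search)."""
    parts = urlsplit(search_url)
    query = urlencode({"q": PROBE})  # percent-encodes < " > ' for the URL
    return urlunsplit((parts.scheme, parts.netloc, parts.path or "/", query, ""))


def classify_reflection(body: str) -> str:
    """'unencoded': probe echoed verbatim (the CWE-79 condition);
    'encoded': marker present but < > " ' were neutralised;
    'absent': q is not reflected into this page at all."""
    if PROBE in body:
        return "unencoded"
    if MARKER in body:
        return "encoded"
    return "absent"


def check_search_page(search_url: str, timeout: float = 10.0) -> str:
    """Fetch the probe URL and classify the live response (network call)."""
    with urllib.request.urlopen(build_probe_url(search_url), timeout=timeout) as resp:
        return classify_reflection(resp.read().decode("utf-8", "replace"))


# Constructed stand-ins for a CMS search template, used to exercise the
# check offline. The first echoes q raw; the second entity-encodes it.
def render_vulnerable(q: str) -> str:
    return f"<h1>Results for {q}</h1>"


def render_safe(q: str) -> str:
    return f"<h1>Results for {html.escape(q, quote=True)}</h1>"


if __name__ == "__main__":
    for name, page in (("raw echo", render_vulnerable(PROBE)),
                       ("entity-encoded", render_safe(PROBE))):
        print(f"{name}: {classify_reflection(page)}")
```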

Mitigation Strategies

The product is in End Of Life phase and will not receive any updates or patches.

The recommended immediate mitigation is to delete the info.php file from the DRIMO CMS installation.

Removing that file takes the affected code path out of the installation, so the q parameter is no longer reflected through it and the exploitation vector is closed.

Compliance Impact

The vulnerability in DRIMO CMS allows for reflected Cross-Site Scripting (XSS) attacks, which can lead to arbitrary JavaScript execution in a victim's browser. Such vulnerabilities can potentially expose user data or enable unauthorized actions, which may impact compliance with data protection regulations like GDPR or HIPAA that require safeguarding personal and sensitive information.

However, the provided context and resources do not explicitly discuss the impact of this vulnerability on compliance with specific standards or regulations such as GDPR or HIPAA.
