CVE-2026-35508: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in milesmcc Shynet
CVE-2026-35508 is a medium severity vulnerability in milesmcc Shynet versions before 0.14.0. It allows cross-site scripting (XSS) attacks via the urldisplay and iconify template filters due to improper neutralization of input during web page generation. This vulnerability can lead to limited confidentiality and integrity impacts but does not affect availability. No known exploits are reported in the wild. No official patch or remediation details are provided in the available data.
AI Analysis
Technical Summary
Shynet versions prior to 0.14.0 contain an XSS vulnerability (CWE-79) in the urldisplay and iconify template filters. This improper neutralization of input during web page generation allows an attacker to inject malicious scripts. The CVSS 3.1 base score is 5.4 (medium), reflecting network attack vector, high attack complexity, no privileges required, no user interaction, and impacts on confidentiality and integrity but not availability. No patch or vendor advisory information is currently available.
Potential Impact
Successful exploitation could allow an attacker to execute arbitrary scripts in the context of the affected web application, potentially leading to limited disclosure or modification of information accessible to the user. There is no indication of availability impact or known active exploitation.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should consider restricting access to affected versions and applying any recommended workarounds from the vendor once published.
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2026-04-03T01:13:14.523Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 69cf1a09e6bfc5ba1d18739d
Added to database: 4/3/2026, 1:38:17 AM
Last enriched: 4/10/2026, 9:14:08 AM
Last updated: 5/20/2026, 8:52:18 PM