CVE-2026-40472 - Hackage package metadata stored XSS vulnerability
CVE ID: CVE-2026-40472
Published: April 23, 2026, 3 p.m.
Description: In hackage-server, user-controlled metadata from .cabal files is rendered into HTML href attributes without proper sanitization, enabling stored Cross-Site Scripting (XSS) attacks.
Severity: 9.9 | CRITI
Original source: via CVE Feed Latest