CVE-2026-42556 - Postiz stored XSS in public preview page
CVE ID :CVE-2026-42556 Published : May 8, 2026, 10:28 p.m. | 35 minutes ago Description :Postiz is an AI social media scheduling tool. From version 2.21.6 to before version 2.21.7, any authenticated user who can create a post can store arbitrary HTML in post content by tampering their own save
ORIGINAL SOURCE →via CVE Feed Latest
ADVERTISEMENT
⚡ STAY AHEAD
Events like this, convergence-verified across 689 sources, land in your inbox every Sunday. Free.
GET THE SUNDAY BRIEFING →RELATED · cyber
- [CYBER] AI Is Breaking Two Vulnerability Cultures — And Vibe Coders Are About to Get Caught in the Middle
- [CYBER] Why AI agent governance feels harder than traditional security models
- [CYBER] Seclens: Role-specific Evaluation of LLM's for security vulnerablity detection
- [CYBER] CVE-2026-42307 - Vim: OS Command Injection in netrw
- [CYBER] CVE-2026-42350 - Kargo: Open Redirect in UI OIDC Login Flow via redirectTo Query Parameter
- [CYBER] CVE-2026-42352 - pygeoapi 0.23.x: Unauthenticated SSRF via OGC API - Processes Subscriber