Freeter 1.2.1 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads in custom widget titles and files. Attackers can craft malicious files with embedded scripts that execute when victims interact with the application, potentially enabling remote code execution.
https://www.vulncheck.com/advisories/freeter-persistent-cross-site-scripting
Published: 2026-01-16
Updated: 2026-04-15
Base Score: 6.4
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N
Severity: Medium
Base Score: 7.2
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Severity: High
Base Score: 5.1
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
Severity: Medium
EPSS: 0.00079