Detections
Analytics

CVE-2026-3951

medium

Description

A security flaw has been discovered in LockerProject Locker 0.0.0/0.0.1/0.1.0. Affected is the function authIsAwesome of the file source-code/Locker-master/Ops/registry.js of the component Error Response Handler. The manipulation of the argument ID results in cross site scripting. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

References

https://vuldb.com/?submit.767231

https://vuldb.com/?id.350383

https://vuldb.com/?ctiid.350383

https://github.com/LockerProject/Locker/issues/963#issue-3988004027

https://github.com/LockerProject/Locker/issues/963

https://github.com/LockerProject/Locker/

Details

Source: Mitre, NVD

Published: 2026-03-11

Updated: 2026-03-12

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 4.3

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Severity: Medium

CVSS v4

Base Score: 5.3

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Severity: Medium

EPSS

EPSS: 0.00036