{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-2546", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-02-15T16:00:28.877Z", "datePublished": "2026-02-16T08:02:07.017Z", "dateUpdated": "2026-02-17T18:31:07.881Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-16T08:02:07.017Z"}, "title": "LigeroSmart index.pl cross site scripting", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-79", "lang": "en", "description": "Cross Site Scripting"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-94", "lang": "en", "description": "Code Injection"}]}], "affected": [{"vendor": "n/a", "product": "LigeroSmart", "versions": [{"version": "6.1.0", "status": "affected"}, {"version": "6.1.1", "status": "affected"}, {"version": "6.1.2", "status": "affected"}, {"version": "6.1.3", "status": "affected"}, {"version": "6.1.4", "status": "affected"}, {"version": "6.1.5", "status": "affected"}, {"version": "6.1.6", "status": "affected"}, {"version": "6.1.7", "status": "affected"}, {"version": "6.1.8", "status": "affected"}, {"version": "6.1.9", "status": "affected"}, {"version": "6.1.10", "status": "affected"}, {"version": "6.1.11", "status": "affected"}, {"version": "6.1.12", "status": "affected"}, {"version": "6.1.13", "status": "affected"}, {"version": "6.1.14", "status": "affected"}, {"version": "6.1.15", "status": "affected"}, {"version": "6.1.16", "status": "affected"}, {"version": "6.1.17", "status": "affected"}, {"version": "6.1.18", "status": "affected"}, {"version": "6.1.19", "status": "affected"}, {"version": "6.1.20", "status": "affected"}, {"version": "6.1.21", "status": "affected"}, {"version": "6.1.22", "status": "affected"}, {"version": "6.1.23", "status": "affected"}, {"version": "6.1.24", "status": "affected"}, {"version": "6.1.25", "status": "affected"}, {"version": "6.1.26", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in LigeroSmart up to 6.1.26. The affected element is an unknown function of the file /otrs/index.pl. Such manipulation of the argument SortBy leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.1, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-02-15T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-02-15T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-02-15T17:05:38.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Samara Gama - igobysamy (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.346155", "name": "VDB-346155 | LigeroSmart index.pl cross site scripting", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.346155", "name": "VDB-346155 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.749784", "name": "Submit #749784 | LigeroSmart LigeroSmart (OTRS-based platform) 6.1.27 Cross-Site Scripting (XSS) - Reflected XSS", "tags": ["third-party-advisory"]}, {"url": "https://github.com/LigeroSmart/ligerosmart/issues/283", "tags": ["issue-tracking"]}, {"url": "https://github.com/LigeroSmart/ligerosmart/issues/283#issue-3879199951", "tags": ["exploit", "issue-tracking"]}, {"url": "https://github.com/LigeroSmart/ligerosmart/", "tags": ["product"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-17T18:30:57.443842Z", "id": "CVE-2026-2546", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-17T18:31:07.881Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-2546", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-17T18:30:57.443842Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-17T18:31:03.014Z"}}], "cna": {"title": "LigeroSmart index.pl cross site scripting", "credits": [{"lang": "en", "type": "reporter", "value": "Samara Gama - igobysamy (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.5, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.5, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:UR"}}], "affected": [{"vendor": "n/a", "product": "LigeroSmart", "versions": [{"status": "affected", "version": "6.1.0"}, {"status": "affected", "version": "6.1.1"}, {"status": "affected", "version": "6.1.2"}, {"status": "affected", "version": "6.1.3"}, {"status": "affected", "version": "6.1.4"}, {"status": "affected", "version": "6.1.5"}, {"status": "affected", "version": "6.1.6"}, {"status": "affected", "version": "6.1.7"}, {"status": "affected", "version": "6.1.8"}, {"status": "affected", "version": "6.1.9"}, {"status": "affected", "version": "6.1.10"}, {"status": "affected", "version": "6.1.11"}, {"status": "affected", "version": "6.1.12"}, {"status": "affected", "version": "6.1.13"}, {"status": "affected", "version": "6.1.14"}, {"status": "affected", "version": "6.1.15"}, {"status": "affected", "version": "6.1.16"}, {"status": "affected", "version": "6.1.17"}, {"status": "affected", "version": "6.1.18"}, {"status": "affected", "version": "6.1.19"}, {"status": "affected", "version": "6.1.20"}, {"status": "affected", "version": "6.1.21"}, {"status": "affected", "version": "6.1.22"}, {"status": "affected", "version": "6.1.23"}, {"status": "affected", "version": "6.1.24"}, {"status": "affected", "version": "6.1.25"}, {"status": "affected", "version": "6.1.26"}]}], "timeline": [{"lang": "en", "time": "2026-02-15T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-02-15T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-02-15T17:05:38.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.346155", "name": "VDB-346155 | LigeroSmart index.pl cross site scripting", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.346155", "name": "VDB-346155 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.749784", "name": "Submit #749784 | LigeroSmart LigeroSmart (OTRS-based platform) 6.1.27 Cross-Site Scripting (XSS) - Reflected XSS", "tags": ["third-party-advisory"]}, {"url": "https://github.com/LigeroSmart/ligerosmart/issues/283", "tags": ["issue-tracking"]}, {"url": "https://github.com/LigeroSmart/ligerosmart/issues/283#issue-3879199951", "tags": ["exploit", "issue-tracking"]}, {"url": "https://github.com/LigeroSmart/ligerosmart/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in LigeroSmart up to 6.1.26. The affected element is an unknown function of the file /otrs/index.pl. Such manipulation of the argument SortBy leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "Cross Site Scripting"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "Code Injection"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-16T08:02:07.017Z"}}}, "cveMetadata": {"cveId": "CVE-2026-2546", "state": "PUBLISHED", "dateUpdated": "2026-02-17T18:31:07.881Z", "dateReserved": "2026-02-15T16:00:28.877Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-02-16T08:02:07.017Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ligerosmart:ligerosmart:*:*:*:*:*:*:*:*", "matchCriteriaId": "A6446F8A-7F90-4333-A60D-2CAAC185002A", "versionEndIncluding": "6.1.26", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in LigeroSmart up to 6.1.26. The affected element is an unknown function of the file /otrs/index.pl. Such manipulation of the argument SortBy leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet."}, {"lang": "es", "value": "Una vulnerabilidad de seguridad ha sido detectada en LigeroSmart hasta la versi\u00f3n 6.1.26. El elemento afectado es una funci\u00f3n desconocida del archivo /otrs/index.pl. Dicha manipulaci\u00f3n del argumento SortBy conduce a cross-site scripting. El ataque puede ser lanzado de forma remota. El exploit ha sido divulgado p\u00fablicamente y puede ser utilizado. El proyecto fue informado del problema con antelaci\u00f3n a trav\u00e9s de un informe de problema, pero a\u00fan no ha respondido."}], "id": "CVE-2026-2546", "lastModified": "2026-02-19T19:39:34.103", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-02-16T09:16:08.437", "references": [{"source": "cna@vuldb.com", "tags": ["Product"], "url": "https://github.com/LigeroSmart/ligerosmart/"}, {"source": "cna@vuldb.com", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://github.com/LigeroSmart/ligerosmart/issues/283"}, {"source": "cna@vuldb.com", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://github.com/LigeroSmart/ligerosmart/issues/283#issue-3879199951"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.346155"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.346155"}, {"source": "cna@vuldb.com", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.749784"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}, {"lang": "en", "value": "CWE-94"}], "source": "cna@vuldb.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}