{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T12:05:33.234","vulnerabilities":[{"cve":{"id":"CVE-2026-1011","sourceIdentifier":"4760f414-e1ae-4ff1-bdad-c7a9c3538b79","published":"2026-01-16T00:16:29.050","lastModified":"2026-01-23T20:26:55.737","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A stored cross-site scripting (XSS) vulnerability exists in the Altium Support Center AddComment endpoint due to missing server-side input sanitization. Although the client interface applies HTML escaping, the backend accepts and stores arbitrary HTML and JavaScript supplied via modified POST requests.\n\nThe injected content is rendered verbatim when support cases are viewed by other users, including support staff with elevated privileges, allowing execution of arbitrary JavaScript in the victim’s browser context."},{"lang":"es","value":"Existe una vulnerabilidad de cross-site scripting (XSS) almacenado en el endpoint AddComment del Centro de Soporte de Altium debido a la falta de sanitización de entrada del lado del servidor. Aunque la interfaz del cliente aplica escape de HTML, el backend acepta y almacena HTML y JavaScript arbitrarios suministrados a través de solicitudes POST modificadas.\n\nEl contenido inyectado se renderiza textualmente cuando otros usuarios ven los casos de soporte, incluido el personal de soporte con privilegios elevados, lo que permite la ejecución de JavaScript arbitrario en el contexto del navegador de la víctima."}],"metrics":{"cvssMetricV31":[{"source":"4760f414-e1ae-4ff1-bdad-c7a9c3538b79","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"4760f414-e1ae-4ff1-bdad-c7a9c3538b79","type":"Secondary","description":[{"lang":"en","value":"CWE-79"},{"lang":"en","value":"CWE-116"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:altium:altium_live:*:*:*:*:*:*:*:*","versionEndIncluding":"1.1.1.39","matchCriteriaId":"079E28E9-A5B9-49AF-8D96-B56C46DB5231"}]}]}],"references":[{"url":"https://www.altium.com/platform/security-compliance/security-advisories","source":"4760f414-e1ae-4ff1-bdad-c7a9c3538b79","tags":["Vendor Advisory"]}]}}]}