{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T13:48:17.933","vulnerabilities":[{"cve":{"id":"CVE-2026-21855","sourceIdentifier":"security-advisories@github.com","published":"2026-01-07T19:15:57.970","lastModified":"2026-02-03T16:20:50.047","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"The Tarkov Data Manager is a tool to manage the Tarkov item data. Prior to 02 January 2025, a reflected Cross Site Scripting (XSS) vulnerability in the toast notification system allows any attacker to execute arbitrary JavaScript in the context of a victim's browser session by crafting a malicious URL. A series of fix commits on 02 January 2025 fixed this and other vulnerabilities."},{"lang":"es","value":"El Tarkov Data Manager es una herramienta para gestionar los datos de ítems de Tarkov. Antes del 02 de enero de 2025, una vulnerabilidad de Cross Site Scripting (XSS) reflejado en el sistema de notificaciones 'toast' permite a cualquier atacante ejecutar JavaScript arbitrario en el contexto de la sesión del navegador de una víctima al crear una URL maliciosa. Una serie de 'commits' de corrección el 02 de enero de 2025 corrigió esta y otras vulnerabilidades."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.8},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tarkov:tarkov_data_manager:*:*:*:*:*:*:*:*","versionEndExcluding":"2025-01-02","matchCriteriaId":"1BED0E5B-BD43-4202-930F-9931EC05570C"}]}]}],"references":[{"url":"https://github.com/the-hideout/tarkov-data-manager/security/advisories/GHSA-9c23-rrg9-jc89","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]}]}}]}