{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-01T13:48:55.955","vulnerabilities":[{"cve":{"id":"CVE-2026-22804","sourceIdentifier":"security-advisories@github.com","published":"2026-01-12T23:15:53.063","lastModified":"2026-01-16T18:37:32.920","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. From 1.7.0 to 1.9.0, Stored Cross-Site Scripting (XSS) vulnerability exists in the Termix File Manager component. The application fails to sanitize SVG file content before rendering it. This allows an attacker who has compromised a managed SSH server to plant a malicious file, which, when previewed by the Termix user, executes arbitrary JavaScript in the context of the application. The vulnerability is located in src/ui/desktop/apps/file-manager/components/FileViewer.tsx. This vulnerability is fixed in 1.10.0."},{"lang":"es","value":"Termix es una plataforma de gestión de servidores basada en web con capacidades de terminal SSH, tunelización y edición de archivos. Desde la versión 1.7.0 hasta la 1.9.0, existe una vulnerabilidad de cross-site scripting (XSS) almacenado en el componente Termix File Manager. La aplicación no logra sanear el contenido de archivos SVG antes de renderizarlo. Esto permite a un atacante que ha comprometido un servidor SSH gestionado plantar un archivo malicioso, el cual, al ser previsualizado por el usuario de Termix, ejecuta JavaScript arbitrario en el contexto de la aplicación. La vulnerabilidad se encuentra en src/ui/desktop/apps/file-manager/components/FileViewer.tsx. Esta vulnerabilidad se corrigió en la versión 1.10.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N","baseScore":8.0,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":5.8},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":2.7}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"},{"lang":"en","value":"CWE-269"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:termix:termix:*:*:*:*:*:*:*:*","versionStartIncluding":"1.7.0","versionEndExcluding":"1.10.0","matchCriteriaId":"912FDA87-25B4-4E18-B7E9-FC8AA0FCF398"}]}]}],"references":[{"url":"https://github.com/Termix-SSH/Termix/security/advisories/GHSA-m3cv-5hgp-hv35","source":"security-advisories@github.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/Termix-SSH/Termix/security/advisories/GHSA-m3cv-5hgp-hv35","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Third Party Advisory"]}]}}]}