{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-22T04:00:41.947","vulnerabilities":[{"cve":{"id":"CVE-2026-24127","sourceIdentifier":"security-advisories@github.com","published":"2026-01-23T23:15:54.360","lastModified":"2026-02-02T13:32:53.560","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Typemill is a flat-file, Markdown-based CMS designed for informational documentation websites. A reflected Cross-Site Scripting (XSS) exists in the login error view template `login.twig` of versions 2.19.1 and below. The `username` value can be echoed back without proper contextual encoding when authentication fails. An attacker can execute script in the login page context. This issue has been fixed in version 2.19.2."},{"lang":"es","value":"Typemill es un CMS de archivo plano, basado en Markdown, diseñado para sitios web de documentación informativa. Un Cross-Site Scripting (XSS) reflejado existe en la plantilla de vista de error de inicio de sesión 'login.twig' de las versiones 2.19.1 e inferiores. El valor 'username' puede ser devuelto sin la codificación contextual adecuada cuando la autenticación falla. Un atacante puede ejecutar scripts en el contexto de la página de inicio de sesión. \nEste problema ha sido solucionado en la versión 2.19.2."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"},{"lang":"en","value":"CWE-116"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:typemill:typemill:*:*:*:*:*:*:*:*","versionEndExcluding":"2.19.2","matchCriteriaId":"4E3CADA3-5037-4F37-9488-CE162A458090"}]}]}],"references":[{"url":"https://github.com/typemill/typemill/commit/b506acd11e80fb9c8db5fa6c2c8ad73580b4e88c","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/typemill/typemill/releases/tag/v2.19.2","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/typemill/typemill/security/advisories/GHSA-65x4-pjhj-r8wr","source":"security-advisories@github.com","tags":["Third Party Advisory","Exploit"]}]}}]}