{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-15T20:39:43.962","vulnerabilities":[{"cve":{"id":"CVE-2026-27178","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-02-18T22:16:25.790","lastModified":"2026-02-20T19:58:33.253","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"MajorDoMo (aka Major Domestic Module) contains a stored cross-site scripting (XSS) vulnerability through method parameter injection into the shoutbox. The /objects/?method= endpoint allows unauthenticated execution of stored methods with attacker-controlled parameters. Default methods such as ThisComputer.VolumeLevelChanged pass the user-supplied VALUE parameter directly into the say() function, which stores the message raw in the shouts database table without escaping. The shoutbox widget renders stored messages without sanitization in both PHP rendering code and HTML templates. Because the dashboard widget auto-refreshes every 3 seconds, the injected script executes automatically when any administrator loads the dashboard, enabling session hijack through cookie exfiltration."},{"lang":"es","value":"MajorDoMo (también conocido como Major Domestic Module) contiene una vulnerabilidad de cross-site scripting (XSS) almacenado a través de la inyección de parámetros de método en la shoutbox. El endpoint /objects/?method= permite la ejecución no autenticada de métodos almacenados con parámetros controlados por el atacante. Métodos predeterminados como ThisComputer.VolumeLevelChanged pasan el parámetro VALUE proporcionado por el usuario directamente a la función say(), la cual almacena el mensaje en bruto en la tabla de la base de datos shouts sin escapar. El widget de la shoutbox renderiza los mensajes almacenados sin sanitización tanto en el código de renderizado PHP como en las plantillas HTML. Debido a que el widget del panel de control se actualiza automáticamente cada 3 segundos, el script inyectado se ejecuta automáticamente cuando cualquier administrador carga el panel de control, lo que permite el secuestro de sesión a través de la exfiltración de cookies."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mjdm:majordomo:-:*:*:*:*:*:*:*","matchCriteriaId":"7008978E-8DE1-4811-958F-3AFB3847B919"}]}]}],"references":[{"url":"https://chocapikk.com/posts/2026/majordomo-revisited/","source":"disclosure@vulncheck.com","tags":["Third Party Advisory","Exploit"]},{"url":"https://github.com/sergejey/majordomo/pull/1177","source":"disclosure@vulncheck.com","tags":["Issue Tracking","Exploit"]},{"url":"https://www.vulncheck.com/advisories/majordomo-stored-cross-site-scripting-via-method-parameters-to-shoutbox","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]}]}}]}