Optimole <= 4.2.2 - Unauthenticated Stored Cross-Site Scripting via Srcset Descriptor Parameter

Description

The vulnerability is documented as CVE-2026-5217 and is rated as problematic.

Vendor	Product	Versions
optimole	optimole – optimize images in real time	0

Tier C

VulDB7h ago

→ No new info (linked only)

CVSS 3.17.2 MEDIUM

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

CISA KEV❌ No

Actively exploited✅ Yes

CWECWE-79

PublishedApr 11, 2026

Last enriched6h agov2

Trending Score43

Source articles2

Independent1

Info Completeness8/14

Missing: epss, kev, exploit, patch, iocs, mitre_attack

0 upvotes0 downvotes

Last enriched 6h ago

v2Tier C6h ago

Updated description with CVE-2026-5217, changed severity to MEDIUM, and marked as actively exploited.

descriptionseverityactivelyExploited

via VulDB

v17h ago

Initial creation