Zero Day MonitorZDM

← Back to list

6.1

CVE-2026-30082EXPLOITED

n/a · n/a

CVE-2026-30082: Multiple stored cross-site scripting (XSS) vulnerabilities in the Edit feature of the Software Package List page of IngE

Description

Multiple stored cross-site scripting (XSS) vulnerabilities in the Edit feature of the Software Package List page of IngEstate Server v11.14.0 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the About application, What's news, or Release note parameters.

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a

References

http://ingestate.com
https://ingenico.com/
https://github.com/Cr0wld3r/CVE-2026-30082

Related News (1 articles)

Tier C

VulDB3h ago

CVE-2026-30082 | IngEstate Server 11.14.0 Software Package List Page Release note cross site scripting

→ No new info (linked only)

CVSS 3.16.1 MEDIUM

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA KEV❌ No

Actively exploited✅ Yes

Published3/30/2026

Last enriched2h agov2

Trending Score50

Source articles1

Independent1

Info Completeness6/14

Missing: cvss, epss, cwe, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

MEDIUMCVE-2026-30563EXP

CVE-2026-30563: A Stored Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerabi

MEDIUMCVE-2026-30566EXP

CVE-2026-30566: A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulner

MEDIUMCVE-2026-30565EXP

CVE-2026-30565: A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulner

CRITICALCVE-2026-30303EXP

CVE-2026-30303: The command auto-approval module in Axon Code contains an OS Command Injection vulnerability, rendering its whitelist se

CRITICALCVE-2026-30532EXP

CVE-2026-30532: A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the admin/view_product.php fi

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Mar 30, 2026

Discovered by ZDM

Mar 30, 2026

Updated: affectedVersions, severity, activelyExploited

Mar 30, 2026

Actively Exploited

Mar 30, 2026

Version History

v2

Last enriched 2h ago

v2Tier C2h ago

Updated vendor and product information, marked severity as HIGH, and noted that the vulnerability is actively exploited.

affectedVersionsseverityactivelyExploited

via VulDB

v13h ago

Initial creation