Vulnerabilities ›

CVE-2026-2897

Low ⚡ Exploit Available

CWE-79 — Weakness Type

                    Published: Feb 22, 2026                      ·  Modified: Feb 28, 2026                      ·  Source: NVD                

CVSS v3

2.4

🔗 NVD Official

📄 Description (English)

A security vulnerability has been detected in funadmin up to 7.1.0-rc4. This vulnerability affects unknown code of the file app/backend/view/index/index.html of the component Backend Interface. The manipulation of the argument Value leads to cross site scripting. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

🤖 AI Executive Summary

CVE-2026-2897 is a cross-site scripting (XSS) vulnerability in funadmin versions up to 7.1.0-rc4 affecting the backend interface index.html file. The vulnerability allows remote attackers to inject malicious scripts through the Value parameter, with public exploit code available.

📄 Description (Arabic)

تم اكتشاف ثغرة XSS في ملف index.html بمكون الواجهة الخلفية لتطبيق funadmin حتى الإصدار 7.1.0-rc4. تسمح الثغرة للمهاجمين بحقن نصوص برمجية ضارة عن بعد من خلال معامل Value غير المحقق من صحته. تم الكشف عن الثغرة علناً وتوفر أكواد استغلال عملية لها.

🤖 ملخص تنفيذي (AI)

A cross-site scripting vulnerability exists in funadmin backend interface that allows remote code injection through unvalidated input parameters. The vulnerability affects versions up to 7.1.0-rc4 and has been publicly disclosed with available exploit code.

🤖 AI Intelligence Analysis Analyzed: May 30, 2026 08:54

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: medium

🏢 Affected Saudi Sectors

government banking telecom

🎯 MITRE ATT&CK Techniques

T1190 T1598

⚖️ Saudi Risk Score (AI)

5.0

/ 10.0

🔧 Remediation Steps (English)

Upgrade funadmin to version 7.1.0-rc5 or later immediately. Implement input validation and output encoding for all user-supplied parameters, particularly the Value argument. Apply Web Application Firewall (WAF) rules to filter XSS payloads. Conduct security code review of backend interface components.

🔧 خطوات المعالجة (العربية)

قم بترقية funadmin إلى الإصدار 7.1.0-rc5 أو أحدث فوراً. طبق التحقق من صحة المدخلات وترميز المخرجات لجميع معاملات المستخدم خاصة معامل Value. طبق قواعد جدار حماية تطبيقات الويب لتصفية حمولات XSS. أجرِ مراجعة أمنية لكود مكونات الواجهة الخلفية.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

5.2.1 5.2.2

🔵 SAMA CSF

AC-3 SI-10

🟡 ISO 27001:2022

A.14.2.1 A.14.2.5

🔗 References & Sources 5

🔗

https://github.com/I4m6da/CVE/issues/4

cna@vuldb.com

Exploit Issue Tracking

🔗

https://github.com/I4m6da/CVE/issues/4#issue-3890421022

cna@vuldb.com

Exploit Issue Tracking

🔗

https://vuldb.com/?ctiid.347208

cna@vuldb.com

Permissions Required VDB Entry

🔗

https://vuldb.com/?id.347208

cna@vuldb.com

Third Party Advisory VDB Entry

🔗

https://vuldb.com/?submit.753975

cna@vuldb.com

Third Party Advisory VDB Entry

📦 Affected Products / CPE 5 entries

funadmin:funadmin

funadmin:funadmin:7.1.0

📊 CVSS Score

2.4

/ 10.0 — Low

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredH — High

User InteractionR — Required

ScopeU — Unchanged

ConfidentialityN — None / Network

IntegrityL — Low / Local

AvailabilityN — None / Network

📋 Quick Facts

Severity Low

CVSS Score2.4

CWECWE-79

EPSS0.02%

Exploit ✓ Yes

Patch ✗ No

Published 2026-02-22

Source Feed nvd

🇸🇦 Saudi Risk Score

5.0

/ 10.0 — Saudi Risk

Priority: MEDIUM

🏷️ Tags

exploit-available CWE-79

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

💬 Comments

Loading comments

CVE-2026-2897

💬 Comments

Introduce Yourself

Sign In Required