CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-41877

unknowncovered by 1 sourcefirst seen 2026-07-10
R-SOFT DMS is vulnerable to Stored XSS in file upload functionality. Authenticated attacker can inject arbitrary HTML and JS into the name of the file being uploaded, which will be executed when visiting file list or upload status by other users. This issue was fixed in version v3.19-2832 and v3.17-2580.

⚡ Watch CVE-2026-41877

Get an email if CVE-2026-41877 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Advisory coverage (1)

External references

NVD record for CVE-2026-41877

CVE.org record

Embed the live status

CVE-2026-41877 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-41877 status](https://www.csirts.com/badge/CVE-2026-41877)](https://www.csirts.com/cve/CVE-2026-41877)