Product

Github.com/Getarcaneapp/Arcane/Backend

1 brief RSS

Arcane Backend Unauthenticated Reflected XSS via SVG Color Parameter Enables Admin Account Takeover

Arcane Backend versions 1.18.1 and earlier are vulnerable to an unauthenticated reflected XSS (CVE-2026-45627) via the SVG color parameter, allowing attackers to inject executable script content and compromise admin accounts by enticing them to visit a malicious link.

Arcane Backend +1 xss reflected-xss github arcane-backend cve-2026-45627

2r 2t 2d ago