Vendor
A critical stored cross-site scripting (XSS) vulnerability, CVE-2026-2342, in OceanicSoft Informatics Systems Ltd. ValeApp through September 7, 2026, allows an unauthenticated attacker to inject and execute malicious scripts within a victim's browser, leading to session hijacking, data exfiltration, or defacement, with a CVSS v3.1 base score of 9.3.