CVEDB API - Fast Vulnerability Dashboard

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-48942

K2 ≤ 2.26 renders the `#__k2_users.image` column directly into HTML `src` attributes via two distinct templates, in both cases without HTML escaping.

Exploit prediction scoring system (EPSS) score

CVSS Severity

CVSS v3 Score 6.1

References

https://www.getk2.org/

Products

Pricing

Contact Us

support@shodan.io

Shodan ® - All rights reserved