CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Weblate: >> Wlc >> 1.17.2 Security Vulnerabilities

CVE-2026-42150

wlc is a Weblate command-line client using Weblate's REST API. Prior to version 2.0.0, the HTML output format in wlc embeds API response data into HTML without escaping, allowing cross-site scripting when the output is rendered in a browser. This issue has been patched in version 2.0.0.

CVSS Score

5.1

EPSS Score

0.0

Published

2026-05-08

Page 1

Vulnerabilities

Vulnerable Software

Weblate: >> Wlc >> 1.17.2 Security Vulnerabilities

Products

Pricing

Contact Us