Primary

Context

Webgrind Reflected Cross-Site Scripting Vulnerability

Vulnerability

A reflected cross-site scripting vulnerability has been identified in Webgrind versions through 1.1. This vulnerability allows unauthenticated attackers to inject malicious scripts via the file parameter in index.php. The issue arises because the application fails to properly encode user-controlled inputs, enabling the execution of arbitrary JavaScript in the browsers of victims who click on crafted malicious URLs.

Impact

Exploitation of this vulnerability allows for reflected cross-site scripting, where an attacker can inject scripts that are executed in the context of the user's browser.

Reproduction

To reproduce this vulnerability, send a request to the Webgrind application with a crafted file parameter that includes the desired JavaScript payload. The injected script will be executed in the context of the user's browser.

Added: Jan 13, 2026, 11:38 PM

Updated: Jan 13, 2026, 11:38 PM

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

1.7

exploitability

7.4

remediation

0.0

relevance

2.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

1.7

exploitability

7.4

remediation

0.0

relevance

2.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Webgrind Reflected Cross-Site Scripting Vulnerability

Vulnerability

Impact

Reproduction

Affected Products

jokkedk webgrind

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating