Primary

Context

MyNET Reflected Cross-Site Scripting Vulnerability

Vulnerability

A reflected cross-site scripting vulnerability has been identified in MyNET versions through 26.08. This issue allows unauthenticated users to inject HTML and scripts into the 'ficheiro' parameter, as this parameter is not properly sanitized. The vulnerability can be exploited by sending a crafted link to the victim that includes the malicious payload in the 'ficheiro' parameter.

Impact

Exploitation of this vulnerability allows for reflected cross-site scripting, where injected scripts are executed in the context of the user's browser.

Reproduction

To reproduce this vulnerability, send a link to the victim that includes the 'ficheiro' parameter with an unsanitized payload, such as an image tag with an 'onerror' event.

Added: Dec 24, 2025, 5:39 PM

Updated: Dec 24, 2025, 5:39 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.7

exploitability

7.7

remediation

0.0

relevance

1.7

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.7

exploitability

7.7

remediation

0.0

relevance

1.7

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

MyNET Reflected Cross-Site Scripting Vulnerability

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating