{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-30162", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-03-26T18:11:39.146Z", "dateReserved": "2026-03-04T00:00:00.000Z", "datePublished": "2026-03-26T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-26T13:54:21.437Z"}, "descriptions": [{"lang": "en", "value": "Cross Site Scripting (xss) vulnerability in Timo 2.0.3 via crafted links in the title field."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/auntvt/Timo/issues/10"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-79", "lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-26T18:11:05.095563Z", "id": "CVE-2026-30162", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-26T18:11:39.146Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-30162", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-26T18:11:05.095563Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-26T18:11:30.787Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/auntvt/Timo/issues/10"}], "descriptions": [{"lang": "en", "value": "Cross Site Scripting (xss) vulnerability in Timo 2.0.3 via crafted links in the title field."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-26T13:54:21.437Z"}}}, "cveMetadata": {"cveId": "CVE-2026-30162", "state": "PUBLISHED", "dateUpdated": "2026-03-26T18:11:39.146Z", "dateReserved": "2026-03-04T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-03-26T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Cross Site Scripting (xss) vulnerability in Timo 2.0.3 via crafted links in the title field."}, {"lang": "es", "value": "Vulnerabilidad de Cross Site Scripting (XSS) en Timo 2.0.3 mediante enlaces manipulados en el campo de t\u00edtulo."}], "id": "CVE-2026-30162", "lastModified": "2026-03-30T13:26:50.827", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-26T15:16:36.600", "references": [{"source": "cve@mitre.org", "url": "https://github.com/auntvt/Timo/issues/10"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "2.0.3"}}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "timo", "vendor": "auntvt"}], "analysis": {"en": {"generated_at": "2026-03-26T20:37:33.412794+00:00", "value": {"mitigation_remediation": ["Upgrade to a patched version of Timo if one is available", "Sanitize the title field to escape or remove script tags", "Configure a Content Security Policy that disallows inline scripts", "Monitor application logs for XSS attempts and block suspicious links"], "summary": {"action": "Apply Patch", "impact": "Cross\u2011Site Scripting in Timo 2.0.3 that can lead to script execution in users\u2019 browsers"}, "threat_synthesis": {"affected_systems": "Affected systems are installations of Timo version 2.0.3; no other specific versions are listed as impacted. The flaw resides in the handling of title links, so any deployment that allows custom title content is vulnerable.", "description_and_impact": "The vulnerability is a cross\u2011site scripting flaw in Timo 2.0.3 that allows attackers to insert malicious script payloads into the title field through crafted links. This flaw, categorized as CWE\u201179, means that when a page containing the title is rendered in a user's browser, any embedded script will execute with the privileges of the user visiting the page. The resulting impact can include session hijacking, data theft, defacement, or redirection to malicious sites.", "risk_and_exploitability": "The CVSS score of 6.1 indicates moderate severity, and the lack of an EPSS score and KEV listing suggests limited known exploitation but still warrants attention. Exploitation requires an attacker to supply a title containing a script and a victim to view or click it; authentication is not needed, but user interaction is necessary. Given the client\u2011side nature of the vulnerability, the risk of widespread damage is moderate, but an active attacker could use it to compromise individual user accounts or inject malicious content."}}}}, "created": "2026-03-27T08:36:27.536907+00:00", "title": "Timo\u00a02.0.3 Cross\u2011Site Scripting via Title Field Links", "updated": "2026-03-27T09:29:11.687366+00:00", "vendors": ["auntvt", "auntvt$PRODUCT$timo"]}