An XSS vulnerability has been identified: user input is returned without proper encoding, allowing JavaScript injection and execution in the browser. The current regex-based filtering is insufficient and can be bypassed.
24 April 2026
CVE-2026-41467
Stored XSS via checkValidFileName()
CVSS 5.1
ProjeQtor
The application allows file uploads without proper validation, including HTML files that may contain JavaScript. The filename validation function does not block these extensions or inspect content, potentially enabling client-side code execution.