Unrated severityNVD Advisory· Published Jan 19, 2026· Updated Jan 20, 2026
Movary vulnerable to Cross-site Scripting with `?categoryCreated=` param
CVE-2026-23841
Description
Movary is a web application to track, rate and explore your movie watch history. Due to insufficient input validation, attackers can trigger cross-site scripting payloads in versions prior to 0.70.0. The vulnerable parameter is ?categoryCreated=. Version 0.70.0 fixes the issue.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- github.com/leepeuker/movary/releases/tag/0.70.0mitrex_refsource_MISC
- github.com/leepeuker/movary/security/advisories/GHSA-v877-x568-4v5vmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.