CVE-2026-24662
Description
Cross-site scripting vulnerability exists in Musetheque V4 Information Disclosure for IPKNOWLEDGE V4L1 rev2203.0 and earlier. If a file containing malicious contents is uploaded, an arbitrary script may be executed on a user's web browser when viewing the administration page showing the information of the file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Stored XSS in Musetheque V4 Information Disclosure allows arbitrary script execution via malicious file upload when viewed in admin page.
Vulnerability Overview
CVE-2026-24662 is a stored cross-site scripting (XSS) vulnerability in Fujitsu Japan Limited's Musetheque V4 Information Disclosure for IPKNOWLEDGE, affecting versions V4L1 rev2203.0 and earlier. The root cause is insufficient sanitization of file content during upload, allowing an attacker to inject arbitrary scripts into the application [1].
Exploitation Conditions
An attacker with low privileges can upload a file containing malicious JavaScript. The script is then executed when an administrator views the file's information page, requiring user interaction (UI:R) from the victim. The attack vector is network-based (AV:N) and does not require advanced authentication [1].
Impact
Successful exploitation enables arbitrary script execution in the context of the admin's browser, potentially leading to session hijacking, data exfiltration, or unauthorized actions. The CVSS v3 base score is 5.4 (Medium), reflecting the need for user interaction and limited scope of impact [1].
Mitigation
Fujitsu Japan Limited has released version V4L1 rev2603.1, which addresses this vulnerability. Users are advised to update to the latest version as soon as possible. No workarounds are documented [1].
AI Insight generated by deepseek/deepseek-v4-flash-20260423 on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <= rev2203.0
Patches
No patches discovered yet.
References