Unrated severityNVD Advisory· Published Feb 18, 2026· Updated Mar 5, 2026
MajorDoMo Reflected Cross-Site Scripting in command.php
CVE-2026-27176
Description
MajorDoMo (aka Major Domestic Module) contains a reflected cross-site scripting (XSS) vulnerability in command.php. The $qry parameter is rendered directly into the HTML page without sanitization via htmlspecialchars(), both in an input field value attribute and in a paragraph element. An attacker can inject arbitrary JavaScript by crafting a URL with malicious content in the qry parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: 0
Patches
Vulnerability mechanics
References
3- github.com/sergejey/majordomo/pull/1177mitrepatch
- chocapikk.com/posts/2026/majordomo-revisited/mitrethird-party-advisory
- www.vulncheck.com/advisories/majordomo-reflected-cross-site-scripting-in-commandphpmitrethird-party-advisory
News mentions
0No linked articles in our index yet.