CVE-2026-28116
Description
Stored XSS in Emilia Projects Progress Planner (<=1.9.0) allows attackers to inject malicious scripts into websites, impacting visitors.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Stored XSS in Emilia Projects Progress Planner (<=1.9.0) allows attackers to inject malicious scripts into websites, impacting visitors.
Vulnerability
A Stored Cross-Site Scripting (XSS) vulnerability exists in Emilia Projects Progress Planner. This issue affects versions from n/a through 1.9.0. The vulnerability stems from improper neutralization of input during web page generation.
Exploitation
Exploitation requires a privileged user to perform an action, such as clicking a malicious link, visiting a crafted page, or submitting a form. While user interaction is required, the vulnerability can be initiated by a user with the appropriate role [1].
Impact
Successful exploitation allows a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads, into the website. These scripts will be executed when guests visit the site, potentially leading to unauthorized actions or information disclosure [1].
Mitigation
Update to version 1.9.1 or later to resolve the vulnerability. If updating is not immediately possible, seek assistance from your hosting provider or web developer [1].
AI Insight generated on Jun 2, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2<=1.9.0+ 1 more
- (no CPE)range: <=1.9.0
- (no CPE)range: <=1.9.0
Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
1News mentions
0No linked articles in our index yet.