Unrated severityNVD Advisory· Published Mar 7, 2026· Updated Mar 9, 2026

dsa-hub-server: Clear-Text Storage of Sensitive Data

CVE-2026-28678

Description

DSA Study Hub is an interactive educational web application. Prior to commit d527fba, the user authentication system in server/routes/auth.js was found to be vulnerable to Insufficiently Protected Credentials. Authentication tokens (JWTs) were stored in HTTP cookies without cryptographic protection of the payload. This issue has been patched via commit d527fba.

Affected products

Toxicbishop/Dsa With Tsxv5
Range: < d527fba

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/toxicbishop/DSA-with-tsx/commit/d527fba3b3c15f185b9d1e730322dff9248391e4mitrex_refsource_MISC
github.com/toxicbishop/DSA-with-tsx/security/advisories/GHSA-vmxr-562h-rcggmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000