CVE-2026-27787

MEDIUM

MATCHA SNS <= 1.3.9 - Cross-Site Scripting

Title source: llm

Description

Cross-site scripting vulnerability exists in MATCHA SNS 1.3.9 and earlier. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product.

References (2)

Core 2

Core References

https://oss.icz.co.jp/news/?p=1388

https://jvn.jp/en/jp/JVN33581068/

Scores

CVSS v3 5.4

EPSS 0.0015

EPSS Percentile 5.0%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (2)

icz/matcha_sns < 1.3.9

ICZ Corporation/MATCHA SNS 1.3.9 and earlier

Published Apr 08, 2026

Tracked Since Apr 08, 2026