CVE-2026-3951

MEDIUM

LockerProject Locker 0.0.0-0.1.0 - XSS

Title source: llm

Description

A security flaw has been discovered in LockerProject Locker 0.0.0/0.0.1/0.1.0. Affected is the function authIsAwesome of the file source-code/Locker-master/Ops/registry.js of the component Error Response Handler. The manipulation of the argument ID results in cross site scripting. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

References (6)

[Various Sources] https://github.com/LockerProject/Locker/

[Issue Tracking] https://github.com/LockerProject/Locker/issues/963

[Issue Tracking] https://github.com/LockerProject/Locker/issues/963#issue-3988004027

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.350383

[Permissions Required, VDB Entry] https://vuldb.com/?id.350383

[Permissions Required, VDB Entry] https://vuldb.com/?submit.767231

Scores

CVSS v3 4.3

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Classification

CWE

CWE-94 CWE-79

Status draft

Timeline

Published Mar 11, 2026

Tracked Since Mar 12, 2026