CVE-2026-6216

LOW

DbGate SVG Icon String FontIcon.svelte cross site scripting

Title source: cna

Description

A security vulnerability has been detected in DbGate up to 7.1.4. This affects an unknown function of the file packages/web/src/icons/FontIcon.svelte of the component SVG Icon String Handler. Such manipulation of the argument applicationIcon leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 7.1.5 mitigates this issue. It is advisable to upgrade the affected component.

References (5)

Core 5

Core References

Vdb Entry, Technical Description vdb-entry technical-description

VDB-357135 | DbGate SVG Icon String FontIcon.svelte cross site scripting

https://vuldb.com/vuln/357135

Signature, Permissions Required signature permissions-required

VDB-357135 | CTI Indicators (IOB, IOC, TTP, IOA)

https://vuldb.com/vuln/357135/cti

Third Party Advisory third-party-advisory

Submit #785841 | DbGate DbGate Premium 7.1.4 Remote code execution via Stored XSS

https://vuldb.com/submit/785841

Patch patch

https://github.com/dbgate/dbgate/releases/tag/v7.1.5

Product product

https://github.com/dbgate/dbgate/

Scores

CVSS v3 3.5

EPSS 0.0019

EPSS Percentile 8.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-79 CWE-94

Status published

Products (7)

None/DbGate 7.1.0

None/DbGate 7.1.1

None/DbGate 7.1.2

None/DbGate 7.1.3

None/DbGate 7.1.4

None/DbGate 7.1.5

npm/dbgate-web 0 - 7.1.5npm

Published Apr 13, 2026

Tracked Since Apr 14, 2026