THREAT OPS › Threat News › [GHSA] GHSA-465g-4q99-5x86 (high) — NukeViet: Multiple Anti-XSS Filter Bypasses Leading to Stored XSS in News Module
[GHSA] GHSA-465g-4q99-5x86 (high) — NukeViet: Multiple Anti-XSS Filter Bypasses Leading to Stored XSS in News Module
GHSA-465g-4q99-5x86 Severity: high CVE: CVE-2026-54064
NukeViet: Multiple Anti-XSS Filter Bypasses Leading to Stored XSS in News Module
## Summary
Two filter-bypass techniques in `NukeViet\Core\Request::filterAttr()` and `NukeViet\Core\Request::unhtmlentities()` allow a low-privileged user (any account with news post permission) to store and serve arbitrary JavaScript to any visitor of the affe
MITRE ATT&CK techniques
Indicators of compromise
- CVE-2026-54064cve
- https://owasp.org/Top10/A03_2021-Injection/url
Original source: https://github.com/advisories/GHSA-465g-4q99-5x86