THREATOPS
THREAT OPSThreat News › [GHSA] GHSA-465g-4q99-5x86 (high) — NukeViet: Multiple Anti-XSS Filter Bypasses Leading to Stored XSS in News Module

[GHSA] GHSA-465g-4q99-5x86 (high) — NukeViet: Multiple Anti-XSS Filter Bypasses Leading to Stored XSS in News Module

highgithub_advisoriesPublished 2026-07-13

GHSA-465g-4q99-5x86 Severity: high CVE: CVE-2026-54064

NukeViet: Multiple Anti-XSS Filter Bypasses Leading to Stored XSS in News Module

## Summary

Two filter-bypass techniques in `NukeViet\Core\Request::filterAttr()` and `NukeViet\Core\Request::unhtmlentities()` allow a low-privileged user (any account with news post permission) to store and serve arbitrary JavaScript to any visitor of the affe

MITRE ATT&CK techniques

Indicators of compromise

Original source: https://github.com/advisories/GHSA-465g-4q99-5x86