Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total3
Critical1
High1
Medium1
Reset
Showing 1-3 of 3 records
Threat Entry Updated 2026-01-23

CVE-2026-1011 - Altium Live Plugin

A stored cross-site scripting (XSS) vulnerability exists in the Altium Support Center AddComment endpoint due to missing server-side input sanitization. Although the client interface applies HTML escaping, the backend accepts and stores arbitrary HTML and JavaScript supplied via modified POST requests. The injected content is rendered verbatim when support cases are viewed by other users, including support staff with elevated privileges, allowing execution of arbitrary JavaScript in the victim’s browser context.

PLUGIN Altium Live

CVE-2026-1011

MEDIUM CVSS 6.1 2026-01-16
Open Full Technical Breakdown
Threat Entry Updated 2026-01-23

CVE-2026-1009 - Altium Live Plugin

A stored cross-site scripting (XSS) vulnerability exists in the Altium Forum due to missing server-side input sanitization in forum post content. An authenticated attacker can inject arbitrary JavaScript into forum posts, which is stored and executed when other users view the affected post. Successful exploitation allows the attacker’s payload to execute in the context of the victim’s authenticated Altium 365 session, enabling unauthorized access to workspace data, including design files and workspace settings. Exploitation requires user interaction to view a malicious forum post.

PLUGIN Altium Live

CVE-2026-1009

CRITICAL CVSS 9.0 2026-01-15
Open Full Technical Breakdown
Threat Entry Updated 2026-01-23

CVE-2026-1008 - Altium Live Plugin

A stored cross-site scripting (XSS) vulnerability exists in the user profile text fields of Altium 365. Insufficient server-side input sanitization allows authenticated users to inject arbitrary HTML and JavaScript payloads using whitespace-based attribute parsing bypass techniques. The injected payload is persisted and executed when other users view the affected profile page, potentially allowing session token theft, phishing attacks, or malicious redirects. Exploitation requires an authenticated account and user interaction to view the crafted profile.

PLUGIN Altium Live

CVE-2026-1008

HIGH CVSS 7.6 2026-01-15
Open Full Technical Breakdown
Scroll to top