HomeCVE Intelligence › CVE-2026-54064
CVSS 8.7 HIGH Vulnerability

CVE-2026-54064: NukeViet: Multiple Anti-XSS Filter Bypasses Leading to Stored XSS in News Module

Summary Two filter-bypass techniques in NukeViet\Core\Request::filterAttr() and NukeViet\Core\Request::unhtmlentities() allow a low-privileged user (any account with news post permission) to store and serve arbitrary Ja…

8.7CVSS Score
HIGHSeverity
NOCISA KEV
VulnerabilityImpact Type

📋 Vulnerability Details

CVE IDCVE-2026-54064
Vendorcomposer
Affected Productnukeviet/nukeviet
Vulnerability TypeVulnerability
CVSS Score8.7 (HIGH)
Actively Exploited❌ No known exploitation
Patch StatusSee Vendor Advisory →
Reported ByCYBERDUDEBIVASH SENTINEL APEX Intelligence (via github_advisories)

🔬 Technical Analysis

#

Summary Two filter-bypass techniques in NukeViet\Core\Request::filterAttr() and NukeViet\Core\Request::unhtmlentities() allow a low-privileged user (any account with news post permission) to store and serve arbitrary JavaScript to any visitor of the affected page.

Affected Component vendor/vinades/nukeviet/Core/Request.php — class NukeViet\Core\Request

Vulnerability Details

Bypass 1 — Form Feed character prefix (\x0C) before event handler name The filterAttr() method blocks event-handler attributes using:

``php preg_match('/^on/i', $attrSubSet[0]) ` PHP's trim() does not strip the ASCII Form Feed character (\x0C, U+000C). An attacker can prefix the attribute name with \x0C so that \x0Conerror does not match /^on/. The HTML5 browser parser treats \

📚 Advisory References

⚡ DETECTION RULES AVAILABLE

Get CVE-2026-54064 Detection Pack

Sigma rules, YARA signatures, IOC table, and SIEM queries for Splunk, Elastic, Sentinel, and Chronicle — deployable in 5 minutes.

✓ Sigma Rules ✓ YARA Pack ✓ IOC Table ✓ SIEM Queries
🛡️ Get Detection Pack → 🔌 Access via API →

🔗 Related Intelligence