Description
Beghelli Sicuro24 SicuroWeb contains a template injection vulnerability that allows attackers to inject arbitrary AngularJS expressions by exploiting improper rendering of untrusted input in AngularJS template contexts. Attackers can inject malicious expressions that are compiled and executed by the AngularJS 1.5.2 runtime to achieve arbitrary JavaScript execution in operator browser sessions, with network-adjacent attackers able to deliver payloads via MITM injection in plaintext HTTP deployments.
Published: 2026-03-13
Score: 5.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Client-side JavaScript execution via AngularJS template injection
Action: Patch ASAP
AI Analysis

Impact

Beghelli Sicuro24 SicuroWeb contains a template injection vulnerability that allows attackers to inject arbitrary AngularJS expressions by exploiting improper rendering of untrusted input in AngularJS template contexts. Attackers can inject malicious expressions that are compiled and executed by the AngularJS 1.5.2 runtime to achieve arbitrary JavaScript execution in operator browser sessions, with network‑adjacent attackers able to deliver payloads via MITM injection in plaintext HTTP deployments.

Affected Systems

The vulnerability affects installations of Beghelli's SicuroWeb (Sicuro24) software, particularly those that render untrusted user input within AngularJS 1.5.2 templates. All versions released prior to any vendor patch for CVE-2026-22191 are potentially vulnerable.

Risk and Exploitability

The CVSS score of 5.1 indicates moderate severity, and the EPSS score below 1% indicates a low current probability of exploitation. The vulnerability is not listed in the CISA KEV catalog, so no widespread exploitation is known. An attacker exploits the flaw by supplying input that the application renders unescaped in an AngularJS template context; the injected expression is then compiled by the AngularJS runtime and executes arbitrary JavaScript in the victim's browser session, which can expose session cookies or credentials or enable phishing. Because exploitation requires only that untrusted input be rendered, with no privileged access, compromise can follow from unauthenticated or low-privileged user actions, so the overall risk is moderate for any deployment that exposes such templates over the network, especially over plain HTTP.

Generated by OpenCVE AI on April 27, 2026 at 20:01 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Verify and apply any available patch or update from Beghelli for SicuroWeb released after CVE-2026-22191
  • If a patch is not available, implement input validation to reject or sanitize untrusted content before it is rendered in AngularJS templates
  • Deploy a Content Security Policy that disallows inline JavaScript execution and restricts unsafe-eval contexts to mitigate injected expressions
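The following Node.js snippet is an added illustration of the second and third recommended actions; it is not code from OpenCVE, Beghelli or SicuroWeb. It assumes a server that emits HTML later compiled by AngularJS 1.x in the browser; the function names, the Express-style response object and the sample input are constructed for this example. It places the vulnerable rendering pattern beside a hardened one, adds the input check for the default interpolation delimiters, and builds a CSP header without inline scripts or 'unsafe-eval'.

```javascript
// Added example, not code from OpenCVE, Beghelli or SicuroWeb. Assumes a
// Node.js backend serving HTML that AngularJS 1.x compiles client-side;
// function names and sample input are constructed here.

// HTML metacharacter escaping for text placed inside an element body.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// Vulnerable pattern (the CWE-1336 shape): untrusted text is spliced into the
// HTML that AngularJS will compile, so any {{ }} inside it is treated as an
// expression and evaluated in the operator's browser session.
function renderOperatorBannerUnsafe(operatorName) {
  return `<div ng-app="sicuroApp"><span>Operator: ${operatorName}</span></div>`;
}

// Hardened pattern: HTML-escape the value and mark the element
// ng-non-bindable, so the AngularJS compiler leaves its contents alone and
// any braces are displayed literally instead of being interpolated.
function renderOperatorBannerSafe(operatorName) {
  return `<div ng-app="sicuroApp"><span ng-non-bindable>Operator: ${escapeHtml(operatorName)}</span></div>`;
}

// Input validation for fields that other code still renders inside templates:
// reject anything carrying the default AngularJS interpolation delimiters.
// (If the app reconfigures $interpolateProvider, check those symbols too.)
const INTERPOLATION_DELIMITERS = /\{\{|\}\}/;
function containsAngularInterpolation(value) {
  return INTERPOLATION_DELIMITERS.test(String(value));
}

// Content-Security-Policy without inline scripts, 'unsafe-eval' or plugins.
// AngularJS 1.x runs under such a policy by switching to its interpreted
// expression evaluator (put ng-csp on the root element), so the policy
// limits what an injected expression can reach but does not by itself stop
// it from being evaluated; keeping untrusted input out of template text is
// the actual fix.
function buildCspHeader(extraScriptOrigins = []) {
  const scriptSrc = ["'self'", ...extraScriptOrigins].join(' ');
  return [
    "default-src 'self'",
    `script-src ${scriptSrc}`,
    "object-src 'none'",
    "base-uri 'self'",
    "frame-ancestors 'none'",
  ].join('; ');
}

// Illustrative request handler (Express-style response object assumed):
// validate, render safely, and send the policy header with every HTML page.
function handleBannerRequest(untrustedName, res) {
  if (containsAngularInterpolation(untrustedName)) {
    res.statusCode = 400;
    res.end('invalid operator name');
    return;
  }
  res.setHeader('Content-Security-Policy', buildCspHeader());
  res.end(renderOperatorBannerSafe(untrustedName));
}

// Constructed sample input for a local run.
const sample = 'Ada <b>{{1+1}}</b>';
console.log(containsAngularInterpolation(sample)); // true
console.log(renderOperatorBannerSafe(sample));
console.log(buildCspHeader(['https://cdn.example.invalid']));
```

The input check is a stopgap for code paths that cannot be changed immediately; the durable fix is the `renderOperatorBannerSafe` shape, where untrusted values never reach the compiler as template text.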



Advisories

No advisories yet.

History

Wed, 22 Apr 2026 19:30:00 +0000

Wed, 22 Apr 2026 19:00:00 +0000

Metrics
  Removed: cvssV3_1 {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N'}
  Added:   cvssV3_1 {'score': 5.2, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}

Wed, 22 Apr 2026 18:30:00 +0000

Description
  Removed: wpDiscuz before 7.6.47 contains a shortcode injection vulnerability that allows attackers to execute arbitrary shortcodes by including them in comment content sent via email notifications. Attackers can inject shortcodes like [contact-form-7] or [user_meta] in comments, which are executed server-side when the WpdiscuzHelperEmail class processes notifications through do_shortcode() before wp_mail().
  Added:   Beghelli Sicuro24 SicuroWeb contains a template injection vulnerability that allows attackers to inject arbitrary AngularJS expressions by exploiting improper rendering of untrusted input in AngularJS template contexts. Attackers can inject malicious expressions that are compiled and executed by the AngularJS 1.5.2 runtime to achieve arbitrary JavaScript execution in operator browser sessions, with network-adjacent attackers able to deliver payloads via MITM injection in plaintext HTTP deployments.
Title
  Removed: wpDiscuz before 7.6.47 - Server-Side Shortcode Injection via Email Notifications
  Added:   Beghelli Sicuro24 SicuroWeb AngularJS Template Injection
Weaknesses
  Added:   CWE-1336
References
Metrics
  Removed: cvssV4_0 {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N'}
  Added:   cvssV4_0 {'score': 5.1, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N'}

Fri, 13 Mar 2026 15:15:00 +0000

Metrics
  Added:   ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 13 Mar 2026 10:00:00 +0000

First Time appeared
  Added:   Wordpress; Wordpress wordpress
Vendors & Products
  Added:   Wordpress; Wordpress wordpress

Fri, 13 Mar 2026 02:00:00 +0000

Description
  Added:   wpDiscuz before 7.6.47 contains a shortcode injection vulnerability that allows attackers to execute arbitrary shortcodes by including them in comment content sent via email notifications. Attackers can inject shortcodes like [contact-form-7] or [user_meta] in comments, which are executed server-side when the WpdiscuzHelperEmail class processes notifications through do_shortcode() before wp_mail().
Title
  Added:   wpDiscuz before 7.6.47 - Server-Side Shortcode Injection via Email Notifications
First Time appeared
  Added:   Gvectors; Gvectors wpdiscuz
Weaknesses
  Added:   CWE-94
CPEs
  Added:   cpe:2.3:a:gvectors:wpdiscuz:*:*:*:*:*:wordpress:*:*
Vendors & Products
  Added:   Gvectors; Gvectors wpdiscuz
References
Metrics
  Added:   cvssV3_1 {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N'}
  Added:   cvssV4_0 {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N'}

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-22T18:36:18.229Z

Reserved: 2026-01-06T16:47:17.183Z

Link: CVE-2026-22191

Vulnrichment

Updated: 2026-03-13T14:16:38.049Z

NVD

Status: Modified

Published: 2026-03-13T19:54:09.290

Modified: 2026-04-22T19:17:00.040

Link: CVE-2026-22191

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-27T20:15:12Z

Weaknesses