Description
Cross Site Scripting vulnerability in Altenar Sportsbook Software Platform (SB2) v.2.0 allows a remote attacker to obtain sensitive information and execute arbitrary code via the URL parameter
Published: 2026-04-10
Score: 6.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure via XSS
Action: Apply Controls
AI Analysis

Impact

A cross-site scripting vulnerability in Altenar Sportsbook Software Platform version 2.0 lets an attacker embed malicious JavaScript in a URL parameter. When a user clicks the crafted link, the script executes in the victim's browser in the application's context, allowing the attacker to read sensitive page data or session information. The flaw aligns with information disclosure (CWE-200) because the injected code can access and transmit confidential information, but it does not grant server-side code execution or system control.

Affected Systems

Altenar Sportsbook Software Platform (SB2) v.2.0 is the only product referenced. Any deployment that serves the vulnerable endpoint from this version and exposes the reflected URL parameter is affected; no other vendors or product variations are listed.

Risk and Exploitability

The CVSS score of 6.1 indicates moderate severity, while the EPSS value of less than 1% suggests a low likelihood of real-world exploitation. The vulnerability is not present in the CISA KEV catalog. The attack is launched remotely by an unauthenticated attacker who supplies a crafted URL; successful exploitation leads to arbitrary JavaScript execution in the victim's browser, enabling data theft or session hijacking but not providing server-side control.

Generated by OpenCVE AI on April 16, 2026 at 09:13 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Sanitize or encode all user‑controlled URL parameters before rendering them to the browser; use a trusted library that escapes HTML and script contexts.
  • Deploy a Content Security Policy that disallows inline scripts or limits script sources to trusted domains, thereby mitigating the impact of reflected XSS.
  • Configure a web application firewall or custom rule set to block or cleanse malicious script payloads found in query strings, and restrict the vulnerable endpoint to authenticated users only.
  • Monitor web traffic and application logs for attempts to inject unexpected scripts into URL parameters, and set up automated alerts for anomalous requests.


Advisories

No advisories yet.

History

Thu, 16 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
First Time appeared Altenar sportsbook
CPEs cpe:2.3:a:altenar:sportsbook:2.0:*:*:*:*:*:*:*
Vendors & Products Altenar sportsbook

Thu, 16 Apr 2026 09:30:00 +0000

Type Values Removed Values Added
Title Information Disclosure via XSS in Altenar Sportsbook Platform 2.0 URL Parameter

Wed, 15 Apr 2026 16:15:00 +0000

Type Values Removed Values Added
Title Cross‑Site Scripting in Altenar Sportsbook Platform 2.0 Allowing Remote Code Execution
Weaknesses CWE-79

Tue, 14 Apr 2026 15:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-200
Metrics cvssV3_1

{'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 13 Apr 2026 14:30:00 +0000

Type Values Removed Values Added
Title Cross‑Site Scripting in Altenar Sportsbook Platform 2.0 Allowing Remote Code Execution
Weaknesses CWE-79

Mon, 13 Apr 2026 13:00:00 +0000

Type Values Removed Values Added
First Time appeared Altenar
Altenar sportsbook Software Platform
Vendors & Products Altenar
Altenar sportsbook Software Platform

Fri, 10 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Description Cross Site Scripting vulnerability in Altenar Sportsbook Software Platform (SB2) v.2.0 allows a remote attacker to obtain sensitive information and execute arbitrary code via the URL parameter
References

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-14T14:12:27.998Z

Reserved: 2026-03-09T00:00:00.000Z

Link: CVE-2026-31262

Vulnrichment

Updated: 2026-04-14T14:12:21.869Z

NVD

Status: Analyzed

Published: 2026-04-10T15:16:23.607

Modified: 2026-04-16T20:17:52.897

Link: CVE-2026-31262

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T09:15:30Z

Weaknesses