Description
Vulnerability Title
Published: 2026-06-12
Score: 5.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The title indicates that the KeepInMind Dashboard Notes plugin, before version 0.8.4.2, includes a stored XSS flaw exploitable by users with contributor or higher roles. An attacker can craft a note containing malicious script that is saved and later rendered in the browser of any user viewing the note, allowing hijacking of sessions, defacement, or data exfiltration. The impact is a compromise of confidentiality, integrity, and availability of the web application. These technical details are inferred from the title, as the description text does not provide explicit information.

Affected Systems

Any installation of KeepInMind Dashboard Notes using a version older than 0.8.4.2 is affected. The plugin is listed as Unknown:KeepInMind Dashboard Notes in the CNA data. Since the vulnerability is tied to contributor‑level access, all sites where such users exist are at risk.

Risk and Exploitability

The CVSS score of 5.9 indicates moderate severity, and the EPSS score of less than 1% suggests a low probability of exploitation in the near term. Exploitation requires authentication, but only at the contributor role, which is a common role. Based on the title, the likely attack vector is the web interface where contributors submit notes. An attacker who can create a note can exploit the flaw remotely, with the victim's browser executing the injected script. The flaw is not in CISA KEV, but the potential for widespread malicious payloads warrants immediate mitigation.

Generated by OpenCVE AI on June 12, 2026 at 19:37 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade KeepInMind Dashboard Notes to version 0.8.4.2 or newer.
  • Restrict or revoke contributor privileges for users who do not need note creation.
  • Enforce server‑side input validation and output encoding on note content.



Advisories

No advisories yet.

History

Fri, 12 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Keep Inmind Dashboard Notes
Keep Inmind Dashboard Notes keep Inmind Dashboard Notes
Vendors & Products Keep Inmind Dashboard Notes
Keep Inmind Dashboard Notes keep Inmind Dashboard Notes

Fri, 12 Jun 2026 18:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-79

Fri, 12 Jun 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 12 Jun 2026 08:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-79

Fri, 12 Jun 2026 06:45:00 +0000

Type Values Removed Values Added
Description Vulnerability Title
Title KeepInMind - Dashboard Notes < 0.8.4.2 - Contributor+ Stored XSS
References

MITRE

Status: PUBLISHED

Assigner: WPScan

Published:

Updated: 2026-06-12T14:49:15.343Z

Reserved: 2026-05-22T10:27:21.437Z

Link: CVE-2026-9271

Vulnrichment

Updated: 2026-06-12T14:49:03.339Z

NVD

Status: Deferred

Published: 2026-06-12T07:16:21.360

Modified: 2026-06-12T16:16:34.800

Link: CVE-2026-9271

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-12T20:21:01Z

Weaknesses

No weakness.