CVE-2026-0521

by Fred · 06/02/2026

A reflected cross-site scripting (XSS) vulnerability in the PDF export functionality of the TYDAC AG MAP+ solution allows unauthenticated attackers to craft a malicious URL, that if visited by a victim, will execute arbitrary JavaScript in the victim’s context. Such a URL could be delivered through various means, for instance, by sending a link or by tricking victims to visit a page crafted by the attacker.

This issue was verified in MAP+: 3.4.0.

More information : https://www.redguard.ch/blog/2026/02/05/advisory-tydac-mapplus/

CVE-2026-0521

Similar

Recent Posts

Categories

CVE-2026-0521

Share this:

Similar

Recent Posts

Categories

Tags