{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-31153", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-06T15:04:40.772Z", "dateReserved": "2026-03-09T00:00:00.000Z", "datePublished": "2026-04-06T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-06T14:36:12.745Z"}, "descriptions": [{"lang": "en", "value": "A stored cross-site scripting (XSS) vulnerability in Bynder v0.1.394 allows attackers to execute arbitrary web scripts or HTML via a crafted payload."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.bynder.com/en/"}, {"url": "https://github.com/Henkel-CyberVM/CVEs/tree/main/CVE-2026-31153"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-79", "lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-06T15:04:37.570204Z", "id": "CVE-2026-31153", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-06T15:04:40.772Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-31153", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-06T15:04:37.570204Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-06T15:04:20.929Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://www.bynder.com/en/"}, {"url": "https://github.com/Henkel-CyberVM/CVEs/tree/main/CVE-2026-31153"}], "descriptions": [{"lang": "en", "value": "A stored cross-site scripting (XSS) vulnerability in Bynder v0.1.394 allows attackers to execute arbitrary web scripts or HTML via a crafted payload."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-06T14:36:12.745Z"}}}, "cveMetadata": {"cveId": "CVE-2026-31153", "state": "PUBLISHED", "dateUpdated": "2026-04-06T15:04:40.772Z", "dateReserved": "2026-03-09T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-04-06T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A stored cross-site scripting (XSS) vulnerability in Bynder v0.1.394 allows attackers to execute arbitrary web scripts or HTML via a crafted payload."}], "id": "CVE-2026-31153", "lastModified": "2026-04-06T16:16:32.650", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-04-06T15:17:09.670", "references": [{"source": "cve@mitre.org", "url": "https://github.com/Henkel-CyberVM/CVEs/tree/main/CVE-2026-31153"}, {"source": "cve@mitre.org", "url": "https://www.bynder.com/en/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "0.1.394"}}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "bynder", "vendor": "bynder"}], "analysis": {"en": {"generated_at": "2026-04-06T17:24:23.315360+00:00", "value": {"mitigation_remediation": ["Apply the latest Bynder patch that removes the XSS flaw by upgrading to any version newer than 0.1.394", "If an immediate upgrade is not possible, disable or restrict the interface components that allow content injection until a patch is applied", "Implement a robust Content Security Policy (CSP) to block execution of injected scripts", "Sanitize or validate all user\u2011supplied input before storing it in the system"], "summary": {"action": "Immediate Patch", "impact": "Client-side arbitrary script execution via stored XSS"}, "threat_synthesis": {"affected_systems": "This flaw affects the Bynder web application at version 0.1.394. No other versions or vendors are listed in the CNA data. Users running this specific build are at risk.", "description_and_impact": "The vulnerability is a stored cross\u2011site scripting flaw in Bynder version 0.1.394. Attackers can inject HTML or JavaScript that is retained in the application and later served to users. When an affected user views the compromised content, the injected code executes within the victim\u2019s browser, allowing the attacker to steal credentials, deface the site, or perform other client\u2011side attacks. This weakness is classified as CWE\u201179.", "risk_and_exploitability": "The CVSS score of 5.4 indicates moderate severity. Exploit potential is unclear due to missing EPSS data, but the vulnerability was publicly disclosed, suggesting the risk of exploitation is non\u2011negligible. The issue is not yet catalogued in CISA\u2019s KEV list, but the stored nature of the payload means that an attacker could trigger it via legitimate user interactions, making it potentially effective against unsuspecting users. The attack vector is inferred to be through the application\u2019s content management interface, requiring user authentication and content delivery to the victim\u2019s browser."}}}}, "created": "2026-04-06T20:21:56.999626+00:00", "title": "Stored XSS in Bynder v0.1.394 Enables Arbitrary Web Script Execution", "updated": "2026-04-06T21:47:47.671103+00:00", "vendors": ["bynder", "bynder$PRODUCT$bynder"]}