XSS

Bypassing weak HTML filtering for XSS : CVE-2026-41466
Reading time: 3 minutes

Introduction

This article focuses on a stored XSS vulnerability we identified in ProjeQtOr.

For more context about the software itself, I already covered that in the first article of this series: From login to admin : CVE-2026-41462.

This time, the vulnerable behavior was linked to HTML filtering. The application tried to detect dangerous HTML patterns, but the protection was not strong enough.

When uploaded files become scripts : CVE-2026-41467
Reading time: 3 minutes

Introduction

This post covers another stored XSS vulnerability in ProjeQtOr, this time through file upload.

I already introduced ProjeQtOr and why this kind of application can contain sensitive business data in the first article of the series: From login to admin : CVE-2026-41462.