← Back

Xiaopi

xiaopi

2 CVEs • 1 product

Products (1)

Click to collapse
Toggle
Panel
panel
2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2026-5332
1Xiaopi
1Panel
Apr 29, 2026
Apr 2, 2026
2.0 LOW· v4
6.1 MEDIUM· v3
4.0 MEDIUM· v2
A vulnerability was identified in Xiaopi Panel 1.0.0. This vulnerability affects unknown code of the file /demo.php of the component WAF Firewall. The manipulation of the argument param leads to cross site scripting. Rem...Show more
A vulnerability was identified in Xiaopi Panel 1.0.0. This vulnerability affects unknown code of the file /demo.php of the component WAF Firewall. The manipulation of the argument param leads to cross site scripting. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2026-2122
1Xiaopi
1Panel
Apr 29, 2026
Feb 8, 2026
2.1 LOW· v4
9.8 CRITICAL· v3
6.5 MEDIUM· v2
A security flaw has been discovered in Xiaopi Panel up to 20260126. This impacts an unknown function of the file /demo.php of the component WAF Firewall. The manipulation of the argument ID results in sql injection. The...Show more
A security flaw has been discovered in Xiaopi Panel up to 20260126. This impacts an unknown function of the file /demo.php of the component WAF Firewall. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.Show less