CVE-2026-2344 PUBLISHED

Stored XSS on Plunet BusinessManager

Assigner: TCS-CERT
Reserved: 11.02.2026 Published: 11.02.2026 Updated: 11.02.2026

A vulnerability in Plunet Plunet BusinessManager allows unauthorized actions being performed on behalf of privileged users.This issue affects Plunet BusinessManager: 10.15.1

Metrics

CVSS 4.0

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:L/SC:L/SI:L/SA:N
CVSS Score: 8.6

Exploitability Metrics		Vulnerable System Impact Metrics		Subsequent System Impact Metrics
Attack Vector	Network	Confidentiality	High	Confidentiality	Low
Attack Complexity	Low	Integrity	High	Integrity	Low
Attack Requirements	None	Availability	Low	Availability	None
Privileges Required	Low
User Interaction	Passive

CVSS 4.0

Product Status

Vendor	Plunet
Product	Plunet BusinessManager
Versions	Default: unaffected Version 10.15.1 is affected Version 10.20 is unaffected

Solutions

Upgrade Plunet BusinessManager to version 10.20 or later, which includes a fix for the identified cross-site scripting vulnerabilities.

References

https://cds.thalesgroup.com/en/tcs-cert/CVE-2026-2344

Problem Types

CWE-79 - XSS CWE

Impacts

unauthorized actions being performed on behalf of privileged users