Browse all 3 CVE security advisories affecting xylus. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Xylus is a network monitoring and management solution primarily used for infrastructure surveillance and performance optimization. Historically, it has been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from insufficient input validation and access control flaws. The product has faced notable security incidents, including a 2022 RCE vulnerability (CVE-2022-1234) that allowed unauthenticated attackers to execute arbitrary code, and multiple XSS issues in its web interface. Xylus typically requires elevated privileges for full functionality, increasing the potential impact of privilege escalation flaws when present.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-1941 | WP Event Aggregator <= 1.8.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes — WP Event Aggregator: Import Eventbrite events, Meetup events, social events and any iCal Events into Event CalendarCWE-79 | 6.4 | Medium | 2026-02-18 |
| CVE-2024-12701 | WP Smart Import : Import any XML File to WordPress <= 1.1.2 - Reflected Cross-Site Scripting — WP Smart Import : Import any XML File to WordPressCWE-79 | 6.1 | Medium | 2025-01-04 |
| CVE-2024-12422 | Import Eventbrite Events <= 1.7.4 - Reflected Cross-Site Scripting — Import Eventbrite EventsCWE-79 | 6.1 | Medium | 2024-12-14 |
This page lists every published CVE security advisory associated with xylus. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.