CVE-2026-28100 is a high-severity vulnerability with a CVSS score of 7.1. It is a reflected cross-site scripting (XSS) flaw in the LambertGroup UberSlider PerpetuumMobile plugin, stemming from improper neutralization of input during web page generation (the CWE-79 weakness class). All plugin versions up to and including 2.3 are affected; the vendor data gives no lower bound ("n/a").
The risk to organizations is that an attacker who lures a user into opening a crafted link can run script in that user's browser within the site's origin, allowing theft of data visible to the user, manipulation of displayed content, and actions performed in the user's session. Organizations should treat patching as a priority.
As of now, no known exploit or public proof of concept is available for this vulnerability. Reflected XSS nonetheless has a low barrier to exploitation: the attacker needs only to get a victim to open a URL carrying the payload (typically through phishing or a malicious link), so the lack of a public PoC should not delay remediation.
Given its potential impact, organizations using the affected versions of UberSlider PerpetuumMobile should address this vulnerability in their priority patch cycle.
Vulnerability Details
CVE-2026-28100 is a reflected XSS issue: attacker-controlled input from a request is reflected into the generated page without proper sanitization or output encoding, so injected script executes in the victim's browser. All versions up to and including 2.3 are affected. The CVSS score of 7.1 (High) follows from a network attack vector, low attack complexity, no privileges required, user interaction required, and Low confidentiality, integrity and availability impacts; those metrics reach 7.1 only with Scope rated Changed, the usual scoring for XSS because the script executes in the user's browser rather than in the vulnerable server component.
Technical Analysis
The root cause is improper handling of user-supplied input during web page generation: a request parameter is written into the HTML response without contextual output encoding. An attacker crafts a URL containing script in that parameter; when a user opens it, the plugin reflects the payload into the page and the browser executes it with the site's origin. The attack vector is NETWORK with LOW complexity and requires no privileges, but it does require user interaction (the victim must open the crafted link).
The confidentiality, integrity and availability impacts are each rated LOW, reflecting that a single XSS gives the attacker the victim's browser session rather than the server. The practical risk still depends on who the victim is: script running in the browser of an authenticated administrator can perform any action that user can, so the exposure should be judged against the privileges of the users who browse pages rendered by the plugin.
Risk & Impact Analysis
Organizations using the UberSlider PerpetuumMobile plugin should recognize the real-world risks of this vulnerability: theft or manipulation of data through XSS threatens the site's users directly and can result in reputational damage to the operator.
Given the CVSS score and the nature of reflected XSS, remediation is urgent and should be prioritized within the organization's vulnerability management process.
Exploitation Status
| Signal | Status |
|---|---|
| Known Exploit | No |
| Public PoC | No |
| Actively Exploited | No |
| Ransomware Use | No |
Affected Versions
All versions of the UberSlider PerpetuumMobile plugin up to and including 2.3 are affected (the vendor data gives no lower bound, shown as "n/a"). Organizations should confirm the installed version and upgrade to a release newer than 2.3 that the vendor identifies as fixed.
Mitigation & Remediation
Organizations should apply the vendor's fixed release of the UberSlider PerpetuumMobile plugin as soon as it is available. If no patch can be applied yet, the following are compensating controls, not substitutes: apply contextual output encoding at the point where the plugin reflects request data into HTML (in WordPress, esc_html() for element text, esc_attr() for attribute values and esc_url() for URLs) and validate input against the format the parameter is expected to carry; a web application firewall rule that blocks script markup in requests to the affected pages reduces exposure but is bypassable and should be treated as temporary.
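To make the root cause described under Technical Analysis concrete, and to show what the output encoding recommended above actually changes, the following is an added example in Python. It is not code from the UberSlider plugin (a PHP/WordPress product) or from this advisory; the parameter name slide, the host name and both payloads are constructed for illustration. It renders a request parameter three ways (raw, angle brackets encoded but quotes left alone, and fully encoded for the attribute context) and then parses each result the way a browser would to see whether anything executable survives.

```python
import html
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

# Constructed attacker inputs. The query parameter "slide" is hypothetical;
# the advisory does not name the plugin's vulnerable parameter.
ATTACK_URL = ("https://victim-site.test/?slide="
              "%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E")
# A second constructed payload with no angle brackets, aimed at breaking out
# of a quoted attribute to add an event handler.
ATTR_BREAKOUT = '" onmouseover="alert(1)'


def first_param(url: str, name: str) -> str:
    """Return the first value of a query parameter, URL-decoded as a server would."""
    return parse_qs(urlsplit(url).query).get(name, [""])[0]


def render_vulnerable(slide: str) -> str:
    # Raw reflection into an attribute and into element text: the CWE-79 pattern.
    return f'<div class="slider" data-slide="{slide}">Slide {slide}</div>'


def render_partial(slide: str) -> str:
    # Common mistake: encoding < > & but not quotes. Enough for a text node,
    # not for a quoted attribute value.
    enc = html.escape(slide, quote=False)
    return f'<div class="slider" data-slide="{enc}">Slide {enc}</div>'


def render_hardened(slide: str) -> str:
    # Encode quotes as well as angle brackets and ampersands; this is what
    # WordPress esc_attr() / esc_html() do for attribute and text contexts.
    enc = html.escape(slide, quote=True)
    return f'<div class="slider" data-slide="{enc}">Slide {enc}</div>'


class ActiveContentFinder(HTMLParser):
    """Parse rendered HTML and record anything a browser would execute."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.findings.append("script element")
        for name, _ in attrs:
            if name.startswith("on"):
                self.findings.append(f"event handler {name}")


def active_content(rendered: str) -> list:
    """Return the list of executable constructs found in the rendered HTML."""
    parser = ActiveContentFinder()
    parser.feed(rendered)
    parser.close()
    return parser.findings


if __name__ == "__main__":
    payload = first_param(ATTACK_URL, "slide")
    for label, renderer, value in (("vulnerable", render_vulnerable, payload),
                                   ("partial", render_partial, ATTR_BREAKOUT),
                                   ("hardened", render_hardened, payload),
                                   ("hardened", render_hardened, ATTR_BREAKOUT)):
        print(f"{label:10s} {active_content(renderer(value))}")
```

The partial variant is the instructive failure: with angle brackets encoded, the script-tag payload is neutralized, but the quote-only payload still closes the data-slide attribute and adds an onmouseover handler. Encoding must match the context the value lands in, which is why the fix belongs at the point of output rather than in a generic input filter.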
For further assistance in securing your applications, organizations can explore our penetration testing services.
Detection Guidance
Review web server and application logs for requests whose query or form parameters contain HTML or script markup after URL-decoding (for example <script, on*= event handlers, or javascript: URIs), since a reflected XSS payload travels in the request itself; double-encoded payloads are a common evasion and should be decoded a second time. Where a WAF or IDS is deployed, enable its XSS signatures for the affected site. Because a successful attack acts as the victim, also look for unexpected changes made under legitimate user accounts, such as new administrator users, modified plugin or theme files, or altered posts and settings, which can indicate that an injected script performed actions on an authenticated user's behalf.
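The following is an added example of the log review described above, not tooling from the advisory or the vendor. It scans constructed Apache/Nginx combined-format access-log lines (hypothetical addresses, timestamps and a hypothetical slide parameter; the plugin's real parameter names are not given on this page), URL-decodes every query value a second time to catch single-level double encoding, and reports each request carrying script markup together with the response status and Referer needed for triage.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Constructed combined-format access-log lines; none of this is real traffic.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Mar/2026:12:00:01 +0000] "GET /?slide=3 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.10 - - [10/Mar/2026:12:00:07 +0000] "GET /?slide=%22%3E%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 5210 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2026:12:01:15 +0000] "GET /?slide=%3Cimg%20src%3Dx%20onerror%3Dalert(document.cookie)%3E HTTP/1.1" 200 5230 "http://lure.example/page" "Mozilla/5.0"
198.51.100.8 - - [10/Mar/2026:12:02:00 +0000] "GET /?slide=%253Cscript%253Ealert(2)%253C%252Fscript%253E HTTP/1.1" 200 5120 "-" "curl/8.0"
192.0.2.5 - - [10/Mar/2026:12:03:30 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

# Combined log format: ip ident user [time] "method target protocol" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Markup that has no business in a slider parameter. Tuned for low noise on
# decoded values, not for completeness; extend per site.
XSS_MARKERS = re.compile(
    r"<\s*script\b|<\s*(?:img|svg|iframe|body|object)\b|\bon[a-z]+\s*=|javascript\s*:",
    re.I,
)


def decoded_query_values(target: str, extra_decodes: int = 1) -> list:
    """URL-decode each query value. parse_qsl decodes once; the extra pass
    catches payloads that were double-encoded to slip past naive filters."""
    values = []
    for _, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        for _ in range(extra_decodes):
            value = unquote_plus(value)
        values.append(value)
    return values


def scan_log(text: str) -> list:
    """Return one finding per request whose query carries XSS-style markup."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed or non-combined line; skip rather than guess
        for value in decoded_query_values(m["target"]):
            marker = XSS_MARKERS.search(value)
            if marker:
                hits.append({
                    "ip": m["ip"],
                    "ts": m["ts"],
                    "param_value": value,
                    "marker": marker.group(0),
                    # A 200 means the page rendered the request; an external
                    # Referer suggests a lure page rather than a direct probe.
                    "status": int(m["status"]),
                    "referer": m["referer"],
                })
                break  # one finding per request is enough for triage
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

On the sample, the plain request for slide=3 and the login POST are ignored, while the script tag, the img/onerror payload, and the double-encoded script tag are all reported. The finding with an external Referer and a 200 response is the one to escalate first, since it looks like a user followed a lure rather than an attacker probing directly.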
AppSecure Threat Intelligence Insight
The presence of CVE-2026-28100 highlights the ongoing need for organizations to be vigilant against input validation vulnerabilities. It serves as a reminder of the importance of secure coding practices and regular security assessments to identify and remediate potential weaknesses.
For more insights on vulnerability management, organizations can refer to our vulnerability management program design.
Additionally, organizations should consider conducting penetration testing to uncover other potential vulnerabilities.
Finally, organizations should stay informed on the latest trends in application security through our blog on cloud security to enhance their defensive strategies.
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.