Cross-site scripting in eLabFTW - #VU137356
Published: July 12, 2026
eLabFTW
Detailed vulnerability description
The vulnerability allows a remote user to escalate privileges.
The vulnerability exists due to cross-site scripting in the experiment/resource metadata rendering when handling stored metadata content on the experiment or resource list page. A remote user can store a crafted payload to escalate privileges.
User interaction is required when a sysadmin opens the normal experiment or resource list page.