{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81374?format=json","vulnerability_id":"VCID-hvv1-7bne-4ug1","summary":"Ellucian Banner Self-Service before the April T2 release (2025-04-23) contains a stored cross-site scripting vulnerability in the course search functionality that allows authenticated Banner ERP users to inject malicious payloads into faculty and course fields by exploiting missing HTML encoding during DOM insertion. An attacker with Banner ERP write access can store malicious JavaScript in fields such as faculty displayName, emailAddress, subjectDescription, or courseTitle; these values are subsequently served unsanitized by the unauthenticated getFacultyMeetingTimes API endpoint, causing arbitrary script execution in the browser of any user who views the affected course's meeting times.","aliases":[{"alias":"CVE-2026-47106"}],"fixed_packages":[],"affected_packages":[],"references":[{"reference_url":"https://www.ellucian.com/assets/en/brochure/brochure-learn-more-about-ellucian-banner-self-service.pdf","reference_id":"brochure-learn-more-about-ellucian-banner-self-service.pdf","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-06-10T13:35:54Z/"}],"url":"https://www.ellucian.com/assets/en/brochure/brochure-learn-more-about-ellucian-banner-self-service.pdf"},{"reference_url":"https://www.vulncheck.com/advisories/ellucian-banner-self-service-stored-xss-via-getfacultymeetingtimes-api","reference_id":"ellucian-banner-self-service-stored-xss-via-getfacultymeetingtimes-api","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-06-10T13:35:54Z/"}],"url":"https://www.vulncheck.com/advisories/ellucian-banner-self-service-stored-xss-via-getfacultymeetingtimes-api"},{"reference_url":"https://www.ellucian.com/security-researcher-hall-of-fame","reference_id":"security-researcher-hall-of-fame","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-06-10T13:35:54Z/"}],"url":"https://www.ellucian.com/security-researcher-hall-of-fame"}],"weaknesses":[{"cwe_id":79,"name":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","description":"The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users."}],"exploits":[],"severity_range_score":"5.1 - 5.4","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hvv1-7bne-4ug1"}