CVE-2026-56283
MEDIUM
NVD
CVSS Score
5.4
Severity
MEDIUM
Published
Jul 08, 2026
Vendor
unknown
Description
Capgo before 12.128.2 contains an html injection vulnerability in the organization settings endpoint that allows attackers to inject malicious HTML content. Attackers can craft payloads in the organization name field to redirect users to untrusted websites, enabling phishing attacks and reputational damage.