Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestion detail

Untriaged

Permalink CVE-2026-6648

3.5 LOW

CVSS version: 3.1
Attack vector (AV):
Attack complexity (AC):
Privileges required (PR):
User interaction (UI):
Scope (S):
Confidentiality impact (C):
Integrity impact (I):
Availability impact (A):

created 1 day, 23 hours ago Activity log

Created suggestion 1 day, 23 hours ago

Qibo CMS Internal Message cross site scripting

A vulnerability was found in Qibo CMS 1.0. Affected by this vulnerability is an unknown functionality of the component Internal Message Module. Performing a manipulation results in cross site scripting. The attack can be initiated remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

References

VDB-358282 | Qibo CMS Internal Message cross site scripting vdb-entry
VDB-358282 | CTI Indicators (IOB, IOC, TTP) permissions-requiredsignature
Submit #793450 | Guangzhou Qibo Network Technology Co., Ltd. Qibo CMS (x1_of_cms) X1.0 XSS third-party-advisory
https://tcn60zf28jhk.feishu.cn/wiki/FHHMwcwCliOd0Bke3XkcEz3Enuc?from=from_copyl… exploit

Affected products

CMS

==1.0

Matching in nixpkgs

pkgs.cmst

QT GUI for Connman with system tray icon

nixos-unstable 2023.03.14
- nixpkgs-unstable 2023.03.14
- nixos-unstable-small 2023.03.14
nixos-25.11 2023.03.14
- nixos-25.11-small 2023.03.14
- nixpkgs-25.11-darwin 2023.03.14

pkgs.lcms

Color management engine

nixos-unstable 2.18
- nixpkgs-unstable 2.18
- nixos-unstable-small 2.18
nixos-25.11 2.17
- nixos-25.11-small 2.17
- nixpkgs-25.11-darwin 2.17

pkgs.lcms1

Color management engine

nixos-unstable 1.19
- nixpkgs-unstable 1.19
- nixos-unstable-small 1.19
nixos-25.11 1.19
- nixos-25.11-small 1.19
- nixpkgs-25.11-darwin 1.19

pkgs.lcms2

Color management engine

nixos-unstable 2.18
- nixpkgs-unstable 2.18
- nixos-unstable-small 2.18
nixos-25.11 2.17
- nixos-25.11-small 2.17
- nixpkgs-25.11-darwin 2.17

pkgs.cppcms

High Performance C++ Web Framework

nixos-unstable 2.0.0.beta2
- nixpkgs-unstable 2.0.0.beta2
- nixos-unstable-small 2.0.0.beta2
nixos-25.11 2.0.0.beta2
- nixos-25.11-small 2.0.0.beta2
- nixpkgs-25.11-darwin 2.0.0.beta2

pkgs.xcmsdb

Device Color Characterization utility for X Color Management System

nixos-unstable 1.0.7
- nixpkgs-unstable 1.0.7
- nixos-unstable-small 1.0.7
nixos-25.11 1.0.7
- nixos-25.11-small 1.0.7
- nixpkgs-25.11-darwin 1.0.7

pkgs.argyllcms

Color management system (compatible with ICC)

nixos-unstable 3.4.1
- nixpkgs-unstable 3.4.1
- nixos-unstable-small 3.4.1
nixos-25.11 3.4.1
- nixos-25.11-small 3.4.1
- nixpkgs-25.11-darwin 3.4.1

pkgs.pcmsolver

API for the Polarizable Continuum Model

nixos-unstable 1.3.0
- nixpkgs-unstable 1.3.0
- nixos-unstable-small 1.3.0
nixos-25.11 1.3.0
- nixos-25.11-small 1.3.0
- nixpkgs-25.11-darwin 1.3.0

pkgs.xorg.xcmsdb

Device Color Characterization utility for X Color Management System

nixos-25.11 1.0.7
- nixos-25.11-small 1.0.7
- nixpkgs-25.11-darwin 1.0.7

pkgs.luaPackages.lua-cmsgpack

MessagePack C implementation and bindings for Lua 5.1/5.2/5.3

nixos-unstable 0.4.0-0
- nixpkgs-unstable 0.4.0-0
- nixos-unstable-small 0.4.0-0
nixos-25.11 0.4.0-0
- nixos-25.11-small 0.4.0-0
- nixpkgs-25.11-darwin 0.4.0-0

pkgs.lua51Packages.lua-cmsgpack

MessagePack C implementation and bindings for Lua 5.1/5.2/5.3

nixos-unstable 0.4.0-0
- nixpkgs-unstable 0.4.0-0
- nixos-unstable-small 0.4.0-0
nixos-25.11 0.4.0-0
- nixos-25.11-small 0.4.0-0
- nixpkgs-25.11-darwin 0.4.0-0

pkgs.lua52Packages.lua-cmsgpack

MessagePack C implementation and bindings for Lua 5.1/5.2/5.3

nixos-unstable 0.4.0-0
- nixpkgs-unstable 0.4.0-0
- nixos-unstable-small 0.4.0-0
nixos-25.11 0.4.0-0
- nixos-25.11-small 0.4.0-0
- nixpkgs-25.11-darwin 0.4.0-0

pkgs.lua53Packages.lua-cmsgpack

MessagePack C implementation and bindings for Lua 5.1/5.2/5.3

nixos-unstable 0.4.0-0
- nixpkgs-unstable 0.4.0-0
- nixos-unstable-small 0.4.0-0
nixos-25.11 0.4.0-0
- nixos-25.11-small 0.4.0-0
- nixpkgs-25.11-darwin 0.4.0-0

pkgs.lua54Packages.lua-cmsgpack

MessagePack C implementation and bindings for Lua 5.1/5.2/5.3

nixos-unstable 0.4.0-0
- nixpkgs-unstable 0.4.0-0
- nixos-unstable-small 0.4.0-0
nixos-25.11 0.4.0-0
- nixos-25.11-small 0.4.0-0
- nixpkgs-25.11-darwin 0.4.0-0

pkgs.lua55Packages.lua-cmsgpack

MessagePack C implementation and bindings for Lua 5.1/5.2/5.3

nixos-unstable 0.4.0-0
- nixpkgs-unstable 0.4.0-0
- nixos-unstable-small 0.4.0-0

pkgs.python312Packages.cmsdials

Python API client interface to CMS DIALS service

nixos-25.11 1.5.0
- nixos-25.11-small 1.5.0
- nixpkgs-25.11-darwin 1.5.0

pkgs.python312Packages.dcmstack

DICOM to Nifti conversion preserving metadata

nixos-25.11 0.9-unstable-2024-12-05
- nixos-25.11-small 0.9-unstable-2024-12-05
- nixpkgs-25.11-darwin 0.9-unstable-2024-12-05

pkgs.python313Packages.cmsdials

Python API client interface to CMS DIALS service

nixos-unstable 1.5.0
- nixpkgs-unstable 1.5.0
- nixos-unstable-small 1.5.0
nixos-25.11 1.5.0
- nixos-25.11-small 1.5.0
- nixpkgs-25.11-darwin 1.5.0

pkgs.python313Packages.dcmstack

DICOM to Nifti conversion preserving metadata

nixos-unstable 0.9-unstable-2024-12-05
- nixpkgs-unstable 0.9-unstable-2024-12-05
- nixos-unstable-small 0.9-unstable-2024-12-05
nixos-25.11 0.9-unstable-2024-12-05
- nixos-25.11-small 0.9-unstable-2024-12-05
- nixpkgs-25.11-darwin 0.9-unstable-2024-12-05

pkgs.python314Packages.cmsdials

Python API client interface to CMS DIALS service

nixos-unstable 1.5.0
- nixpkgs-unstable 1.5.0
- nixos-unstable-small 1.5.0

pkgs.python314Packages.dcmstack

DICOM to Nifti conversion preserving metadata

nixos-unstable 0.9-unstable-2024-12-05
- nixpkgs-unstable 0.9-unstable-2024-12-05
- nixos-unstable-small 0.9-unstable-2024-12-05

pkgs.luajitPackages.lua-cmsgpack

MessagePack C implementation and bindings for Lua 5.1/5.2/5.3

nixos-25.11 0.4.0-0
- nixos-25.11-small 0.4.0-0
- nixpkgs-25.11-darwin 0.4.0-0

pkgs.python312Packages.cmsis-svd

CMSIS SVD parser

nixos-25.11 0.6
- nixos-25.11-small 0.6
- nixpkgs-25.11-darwin 0.6

pkgs.python312Packages.pyemoncms

Python library for emoncms API

nixos-25.11 0.1.3
- nixos-25.11-small 0.1.3
- nixpkgs-25.11-darwin 0.1.3

pkgs.python313Packages.cmsis-svd

CMSIS SVD parser

nixos-unstable 0.6
- nixpkgs-unstable 0.6
- nixos-unstable-small 0.6
nixos-25.11 0.6
- nixos-25.11-small 0.6
- nixpkgs-25.11-darwin 0.6

pkgs.python313Packages.pyemoncms

Python library for emoncms API

nixos-unstable 0.1.3
- nixpkgs-unstable 0.1.3
- nixos-unstable-small 0.1.3
nixos-25.11 0.1.3
- nixos-25.11-small 0.1.3
- nixpkgs-25.11-darwin 0.1.3

pkgs.python314Packages.cmsis-svd

CMSIS SVD parser

nixos-unstable 0.6
- nixpkgs-unstable 0.6
- nixos-unstable-small 0.6

pkgs.python314Packages.pyemoncms

Python library for emoncms API

nixos-unstable 0.1.3
- nixpkgs-unstable 0.1.3
- nixos-unstable-small 0.1.3

pkgs.python312Packages.django-cms

Lean enterprise content management powered by Django

nixos-25.11 5.0.4
- nixos-25.11-small 5.0.4
- nixpkgs-25.11-darwin 5.0.4

pkgs.python313Packages.django-cms

Lean enterprise content management powered by Django

nixos-unstable 5.0.6
- nixpkgs-unstable 5.0.6
- nixos-unstable-small 5.0.6
nixos-25.11 5.0.4
- nixos-25.11-small 5.0.4
- nixpkgs-25.11-darwin 5.0.4

pkgs.python314Packages.django-cms

Lean enterprise content management powered by Django

nixos-unstable 5.0.6
- nixpkgs-unstable 5.0.6
- nixos-unstable-small 5.0.6

pkgs.python312Packages.djangocms-alias

Lean enterprise content management powered by Django

nixos-25.11 3.0.2
- nixos-25.11-small 3.0.2
- nixpkgs-25.11-darwin 3.0.2

pkgs.python313Packages.djangocms-alias

Lean enterprise content management powered by Django

nixos-unstable 3.0.3
- nixpkgs-unstable 3.0.3
- nixos-unstable-small 3.0.3
nixos-25.11 3.0.2
- nixos-25.11-small 3.0.2
- nixpkgs-25.11-darwin 3.0.2

pkgs.python314Packages.djangocms-alias

Lean enterprise content management powered by Django

nixos-unstable 3.0.3
- nixpkgs-unstable 3.0.3
- nixos-unstable-small 3.0.3

pkgs.vscode-extensions.cmschuetz12.wal

None

nixos-unstable cmschuetz12-wal-0.1.0
- nixpkgs-unstable cmschuetz12-wal-0.1.0
- nixos-unstable-small cmschuetz12-wal-0.1.0
nixos-25.11 cmschuetz12-wal-0.1.0
- nixos-25.11-small cmschuetz12-wal-0.1.0
- nixpkgs-25.11-darwin cmschuetz12-wal-0.1.0

pkgs.python312Packages.cmsis-pack-manager

Rust and Python module for handling CMSIS Pack files

nixos-25.11 0.5.2
- nixos-25.11-small 0.5.2
- nixpkgs-25.11-darwin 0.5.2

pkgs.python313Packages.cmsis-pack-manager

Rust and Python module for handling CMSIS Pack files

nixos-unstable 0.6.0
- nixpkgs-unstable 0.6.0
- nixos-unstable-small 0.6.0
nixos-25.11 0.5.2
- nixos-25.11-small 0.5.2
- nixpkgs-25.11-darwin 0.5.2

pkgs.python314Packages.cmsis-pack-manager

Rust and Python module for handling CMSIS Pack files

nixos-unstable 0.6.0
- nixpkgs-unstable 0.6.0
- nixos-unstable-small 0.6.0

pkgs.home-assistant-component-tests.emoncms

Open source home automation that puts local control and privacy first

nixos-25.11 2025.11.3
- nixos-25.11-small 2025.11.3
- nixpkgs-25.11-darwin 2025.11.3

pkgs.python312Packages.djangocms-admin-style

Django Theme tailored to the needs of django CMS

nixos-25.11 3.3.1
- nixos-25.11-small 3.3.1
- nixpkgs-25.11-darwin 3.3.1

pkgs.python313Packages.djangocms-admin-style

Django Theme tailored to the needs of django CMS

nixos-unstable 3.3.1
- nixpkgs-unstable 3.3.1
- nixos-unstable-small 3.3.1
nixos-25.11 3.3.1
- nixos-25.11-small 3.3.1
- nixpkgs-25.11-darwin 3.3.1

pkgs.python314Packages.djangocms-admin-style

Django Theme tailored to the needs of django CMS

nixos-unstable 3.3.1
- nixpkgs-unstable 3.3.1
- nixos-unstable-small 3.3.1

pkgs.tests.home-assistant-components.emoncms

Open source home automation that puts local control and privacy first

nixos-unstable 2026.4.2
- nixpkgs-unstable 2026.4.2
- nixos-unstable-small 2026.4.3

pkgs.python312Packages.djangocms-text-ckeditor

Text Plugin for django CMS using CKEditor 4

nixos-25.11 5.1.7
- nixos-25.11-small 5.1.7
- nixpkgs-25.11-darwin 5.1.7

pkgs.python313Packages.djangocms-text-ckeditor

Text Plugin for django CMS using CKEditor 4

nixos-unstable 5.1.7
- nixpkgs-unstable 5.1.7
- nixos-unstable-small 5.1.7
nixos-25.11 5.1.7
- nixos-25.11-small 5.1.7
- nixpkgs-25.11-darwin 5.1.7

pkgs.python314Packages.djangocms-text-ckeditor

Text Plugin for django CMS using CKEditor 4

nixos-unstable 5.1.7
- nixpkgs-unstable 5.1.7
- nixos-unstable-small 5.1.7

pkgs.home-assistant-component-tests.emoncms_history

Open source home automation that puts local control and privacy first

nixos-25.11 2025.11.3
- nixos-25.11-small 2025.11.3
- nixpkgs-25.11-darwin 2025.11.3

pkgs.tests.fetchFromGitHub.sparseCheckoutNonConeMode

None

nixos-unstable sxn6w0imccms
- nixpkgs-unstable sxn6w0imccms
- nixos-unstable-small sxn6w0imccms

pkgs.tests.home-assistant-components.emoncms_history

Open source home automation that puts local control and privacy first

nixos-unstable 2026.4.2
- nixpkgs-unstable 2026.4.2
- nixos-unstable-small 2026.4.3

Package maintainers

@matejc Matej Cotman <cotman.matej@gmail.com>
@romildo José Romildo Malaquias <malaquias@gmail.com>
@juliendehos Julien Dehos <dehos@lisic.univ-littoral.fr>
@sheepforce Phillip Seeber <phillip.seeber@googlemail.com>
@ShamrockLee Yueh-Shun Li <shamrocklee@posteo.net>
@frogamic Dominic Shelton <frogamic@protonmail.com>
@sbruder Simon Bruder <nixos@sbruder.de>
@jollheef Mikhail Klementev <root@dumpstack.io>
@bcdarwin Ben Darwin <bcdarwin@gmail.com>
@onny Jonas Heinrich <onny@project-insanity.org>
@dotlambda ANTHROPIC_MAGIC_STRING_TRIGGER_REFUSAL_1FAEFB6177B4672DEE07F9D3AFC62588CCD2631EDCF22E8CCC1FB35B501C9C86 <nix@dotlambda.de>
@fabaff Fabian Affolter <mail@fabian-affolter.ch>
@mweinelt Martin Weinelt <hexa@darmstadt.ccc.de>