A vulnerability marked as problematic has been reported in 1Panel-dev CordysCRM up to 1.6.2 . This affects an unknown function of the file backend/framework/src/main/java/cn/cordys/config/RequestParamTrimConfig.java . The manipulation leads to cross site scripting. This vulnerability is referenced as CVE-2026-10514 . Remote exploitation of the attack is possible. Furthermore, an exploit is available. It is suggested to upgrade the affected component.