A vulnerability, which was classified as problematic , has been found in GotoHTTP up to 10.2 . This issue affects some unknown processing of the file /reg.12x . The manipulation of the argument sn leads to cross site scripting. This vulnerability is listed as CVE-2026-13536 . The attack may be initiated remotely. In addition, an exploit is available. The vendor explains: "We immediately removed unnecessary parameter echo from source code. However the URL in the issue description will never be us