What is the severity of CVE-2026-55650?

CVE-2026-55650 has a CVSS v3 score of 0, which is classified as Low severity.

Is there an exploit available for CVE-2026-55650?

No known public exploits are currently available for CVE-2026-55650.

Is there a patch available for CVE-2026-55650?

Yes, patches are available for CVE-2026-55650. Check the vendor advisories for update instructions.

CVE-2026-55650 - CVE Details, Severity, and Analysis

Q: What is CVE-2026-55650?

## Summary A Stored Cross-Site Scripting (XSS) issue previously existed in the Text Widget in Board of Outerbase Studio where unsanitized HTML could be rendered using `dangerouslySetInnerHTML` ### Steps to Reproduce 1. Create a new dashboard. 2. Add a **Text widget**. 3. Insert the following payload: ```html ``` ### Architectural Context Outerbase Cloud and its backend services were discontinued in 2025. The current version of Outerbase Studio operates purely as a client-side application, with dashboard data stored locally in the browser. ### Impact In the current architecture, the impact is limited to local self-XSS within a user's browser session. The previously described scenarios involving: - authentication token theft - account takeover - database access are no longer applicable since there are no active backend services or authentication tokens. ### Remediation The unsafe HTML rendering in the Text Widget has been removed in commit https://github.com/outerbase/studio/commit/b06fb85e5967440278d5a815721b360920566ab9 by eliminating the use of dangerouslySetInnerHTML.

Severity Scores

CVSS v30.0

CVSS v20.0

Priority Score0.0

EPSS Score0.0

None

Exploitation LikelihoodMinimal

0.00%EPSS

Very low probability of exploitation

Monitor and patch as resources allow

0.00%

EPSS

0.0

CVSS

No

Exploit

Yes

Patch

Low Priority

no major risk factors

EPSS predicts the probability of exploitation in the next 30 days based on real-world threat data, complementing CVSS severity scores with actual risk assessment.

Description

Summary

A Stored Cross-Site Scripting (XSS) issue previously existed in the Text Widget in Board of Outerbase Studio where unsanitized HTML could be rendered using dangerouslySetInnerHTML

Steps to Reproduce

Create a new dashboard.
Add a Text widget.
Insert the following payload:

<img src=x onerror="alert('XSS Executed\nToken: ' + localStorage.getItem('ob-token'))">

Architectural Context

Outerbase Cloud and its backend services were discontinued in 2025.

The current version of Outerbase Studio operates purely as a client-side application, with dashboard data stored locally in the browser.

Impact

In the current architecture, the impact is limited to local self-XSS within a user's browser session. The previously described scenarios involving:

authentication token theft
account takeover
database access

are no longer applicable since there are no active backend services or authentication tokens.

Remediation

The unsafe HTML rendering in the Text Widget has been removed in commit https://github.com/outerbase/studio/commit/b06fb85e5967440278d5a815721b360920566ab9 by eliminating the use of dangerouslySetInnerHTML.

CVSS v3 Breakdown

Attack Vector:-

Attack Complexity:-

Privileges Required:-

User Interaction:-

Scope:-

Confidentiality:-

Integrity:-

Availability:-

Patch References

Github.com

Ready for Agentic Automated Testing?

CVE-2026-55650

Summary

Steps to Reproduce

Architectural Context

Impact

Remediation