CVE-2026-34127
Severity CVSS v4.0:
MEDIUM
Type:
CWE-79
Cross-Site Scripting (XSS)
Publication date:
29/05/2026
Last modified:
01/06/2026
Description
A stored<br />
cross-site scripting (XSS) vulnerability has been identified in the web<br />
management interface of TP-Link&#39;s TL-SG108PE v5 switch due to improper sanitation of the SYSNAM<br />
configuration parameter during configuration file import. An attacker with<br />
administrator access can inject malicious script into the device configuration,<br />
which may be stored and executed in the administrator’s browser when the<br />
affected interface is viewed. <br />
<br />
<br />
<br />
<br />
<br />
Successful<br />
exploitation may allow session cookie theft, unauthorized configuration<br />
changes, or access to sensitive information exposed through the management<br />
interface.
Impact
Base Score 4.0
5.30
Severity 4.0
MEDIUM
Base Score 3.x
4.80
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:tp-link:tl-sg108pe_firmware:1.0.1:*:*:*:*:*:*:* | ||
| cpe:2.3:h:tp-link:tl-sg108pe:5.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page



