EN FR DE
Portal Portal Forum Forum Devolutions force Devolutions force Hub Business Hub Business Hub Personal Hub Personal Devolutions Send Devolutions Send Devolutions Academy Devolutions Academy
Download
RDM RDM Workspace Workspace Launcher Launcher
MAIN MENU
Solutions

Packages

Remote desktop
management & IT operations

Boost productivity, decrease costs, and increase security with a centralized platform where you can manage a wide range of remote connections and tools.

Workforce password management

Improve your security strategy without reducing productivity by using a password management solution.

Privileged access
management

Diminish the risk of insider threats and cyberattacks while providing audit and compliance requirements for your team.

Remote access
management

Establish a secure entry point for internal or external segmented networks that require authorized just-in-time (JIT) access.

IT automation with PowerShell Universal

Streamline routine IT tasks and boost productivity with integrated scripting, orchestration, and reporting.

Devolutions
Remote Desktop Manager Free

Best all-in-one remote connection and credential management tool for independent IT users

blue box

Starter Pack

The whole power of Devolutions at half price for teams of 5

Compare all solution packages

Quick overview

Proof of concept: 100+ users?

Quick overview

Integration center

Unified solutions: seamless integrations with Devolutions

Compare our solution packages Get a quote
Products
Products

Devolutions
Remote Desktop Manager

The best remote connection manager in the industry

Devolutions
PAM

Privileged access manager built for IT professionals

Devolutions
Workspace

Secure remote access management — No VPN required

Devolutions
Launcher

Remote connection launching tool

Devolutions
Gateway

Secure remote access management - no VPN required
Devolutions PowerShell Universal

Devolutions
PowerShell Universal

Automate remote management with integrated dashboards and API's

Data sources
Devolutions Server Self-hosted credential manager
Devolutions Hub Business Cloud-hosted password manager
Companion tools
Devolutions Send
Devolutions Send Secrets sharing made quick, secure, and simple
Devolutions Agent
Devolutions Agent System service to control privileged operations
Discover Remote Desktop Manager Free
Resources
Resources

Devolutions Academy

Your FREE go-to hub for mastering Devolutions' suite of products and services.

Devolutions forum

The Devolutions Forum is the place to go to connect with your peers and the Devolutions team.

Devolutions documentation

Get answers to product specifications, settings and more on our documentation.

Devolutions blog

Stay up to date with our weekly articles on our blog, the toolbox for your IT success.

On-demand Lab
Success stories
Reports & white papers
Devolutions force
Learn a quick tip in 5 minutes! Browse feature requests
Company
About
Devolutions Timeline Lifestyle
Media
Devolutions logos Wallpapers
Careers
Welcome Available positions Spontaneous application
Newsroom
Press releases Newsletters In the news
Security & compliance
Security Advisories Trust center Legal & privacy Report a security issue
Contact
Send message Send message Call me Call me
Technical support Sales Contact information

Security & compliance

Upholding the highest standards to protect your data and ensure trust.

Back to listing

DEVO-2026-0001

PowerShell Universal is affected by a cross-site scripting vulnerability

Affected Products

PowerShell Universal
4.5.5 and earlier, 5.6.12 and earlier

Change Log

2026-01-07 - Initial publication

6.0 Medium - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Cross-site scripting in the Show-UDToast component

The Show-UDToast component does not encode content passed in the Message parameter. This could expose applications to cross-site scripting if user provided data is used.

Affected Products

CVE(s)

CVE-2026-0618

Remediation and Workarounds

In versions prior to 4.5.6 and 5.6.13, apply HTML encoding to content prior to passing it to the Message parameter.