CVE-2026-22440

Name of the Vulnerable Software and Affected Versions Thecs versions through 1.4.7

Description The software contains a flaw due to improper neutralization of input during web page generation, leading to a Reflected Cross-Site Scripting (XSS) condition. This allows an attacker to inject malicious scripts into web pages viewed by other users. The vulnerability exists because the application does not properly sanitize user-supplied input before including it in the generated web page. This can lead to the execution of arbitrary JavaScript code in the context of the user's browser. The vulnerable component is susceptible to attacks where an attacker crafts a malicious URL containing the XSS payload. When a user clicks on this URL, the malicious script is executed, potentially allowing the attacker to steal cookies, redirect the user to a malicious website, or modify the content of the web page.

Recommendations Update Thecs to a version later than 1.4.7.