CVE-2026-22438

Name of the Vulnerable Software and Affected Versions TheBi versions through 1.0.5

Description The software contains a flaw due to improper handling of user-supplied data when creating web pages, which can lead to Reflected Cross-Site Scripting (XSS). This allows an attacker to inject malicious scripts into a web page viewed by another user. The vulnerability exists because the application does not adequately sanitize user input before including it in the generated HTML output. The vulnerable component is susceptible to attacks where an attacker crafts a malicious URL containing the XSS payload. When a user clicks on this URL, the malicious script is executed in their browser within the context of the vulnerable website. This could allow the attacker to steal cookies, redirect the user to a malicious website, or modify the content of the web page.

Recommendations Update TheBi to a version greater than 1.0.5.