CVE-2026-22465

Name of the Vulnerable Software and Affected Versions SeventhQueen BuddyApp versions through 1.9.2

Description The software contains a flaw due to improper neutralization of input during web page generation, leading to a Reflected Cross-site Scripting (XSS) condition. This allows for the injection of malicious scripts into web pages viewed by users. The vulnerability exists in the application's handling of user-supplied input, potentially enabling an attacker to execute arbitrary code within the context of a user's browser. The vulnerable component is susceptible to attacks where an attacker crafts a malicious URL containing the script, which, when clicked by a user, executes the injected code.

Recommendations Update SeventhQueen BuddyApp to a version later than 1.9.2.