CVE-2026-27358

Name of the Vulnerable Software and Affected Versions ThemeGoods Architecturer versions through 3.8.8

Description The software contains a Reflected Cross-site Scripting (XSS) issue due to improper neutralization of input during web page generation. This allows for the injection of malicious scripts into web pages. The vulnerability affects the application's handling of user-supplied input, potentially enabling an attacker to execute arbitrary code in the context of a user's browser. The vulnerable component is susceptible to attacks where malicious code is embedded within a crafted URL or input field.

Recommendations Versions prior to 3.8.8 should be updated.