CVE-2026-27385

Name of the Vulnerable Software and Affected Versions DesignThemes Portfolio versions through 1.3

Description The software contains a flaw related to improper handling of user-supplied data when creating web pages, potentially leading to Cross-site Scripting (XSS). This allows attackers to inject malicious scripts into web pages viewed by other users. The vulnerability exists due to insufficient input validation or sanitization. The affected component is designthemes-portfolio.

Recommendations Update DesignThemes Portfolio to a version newer than 1.3.