CVE-2026-28130

Name of the Vulnerable Software and Affected Versions AndonDesign UDesign versions through 4.14.0

Description The software contains a flaw due to improper input handling during web page creation, which allows for Reflected Cross-site Scripting (XSS). This means that malicious scripts can be injected into web pages viewed by users. The vulnerability allows an attacker to inject arbitrary web scripts or HTML. The affected component is not specified.

Recommendations Update to a version later than 4.14.0.