CVE-2026-25442

Name of the Vulnerable Software and Affected Versions QantumThemes Kentha versions through 4.7.2

Description A Reflected Cross-site Scripting (XSS) issue exists in QantumThemes Kentha due to improper neutralization of input during web page generation. This allows an attacker to inject malicious scripts into web pages viewed by other users. The vulnerability occurs when processing user-supplied input without sufficient validation or encoding. The vulnerable component is susceptible to attacks where an attacker can craft a malicious URL containing a script that will be executed in the context of the victim's browser. The affected parameter is not specified.

Recommendations Update QantumThemes Kentha to a version later than 4.7.2.