CVE-2026-24391

Name of the Vulnerable Software and Affected Versions ThemeMakers Car Dealer versions n/a through 1.6.7

Description The software contains a flaw due to improper handling of user-supplied data when creating web pages, which can lead to reflected cross-site scripting (XSS). This allows an attacker to inject malicious scripts into a website, potentially compromising user data or taking control of the affected system. The vulnerable component is related to web page generation.

Recommendations Update ThemeMakers Car Dealer to a version later than 1.6.7.