CVE-2026-24973

Name of the Vulnerable Software and Affected Versions NooTheme CitiLights versions through 3.7.1

Description The software contains a flaw due to improper neutralization of input during web page generation, leading to a Reflected Cross-site Scripting (XSS) condition. This allows for the injection of malicious scripts into web pages. The vulnerable component is noo-citilights.

Recommendations Update NooTheme CitiLights to a version later than 3.7.1.