CVE-2026-25349

Name of the Vulnerable Software and Affected Versions skygroup Loobek versions prior to 1.5.2

Description The software contains a flaw due to improper handling of user-supplied data when creating web pages, potentially leading to reflected cross-site scripting (XSS). This allows an attacker to inject malicious scripts into web pages viewed by other users. The input provided by a user is not correctly sanitized before being included in the generated web page.

Recommendations Update to a version greater than or equal to 1.5.2.