CVE-2026-25353

Name of the Vulnerable Software and Affected Versions skygroup Nooni versions prior to 1.5.1

Description The software contains a flaw related to improper input handling during web page generation, leading to a Reflected Cross-Site Scripting (XSS) condition. This allows an attacker to inject malicious scripts into web pages viewed by other users. The vulnerable component does not properly sanitize user-supplied input before including it in the generated web page, enabling the execution of arbitrary JavaScript code in the context of the user's browser.

Recommendations Update skygroup Nooni to version 1.5.1 or later.