CVE-2026-32528

Name of the Vulnerable Software and Affected Versions don-themes Riode versions prior to 1.6.29

Description The software contains a flaw related to improper input handling during web page generation, specifically a Reflected Cross-Site Scripting (XSS) issue. This allows for the injection of malicious scripts into web pages. The vulnerability exists due to insufficient sanitization of user-supplied input. The affected component is susceptible to attacks where an attacker can craft a malicious URL containing a script, which, when visited by a user, executes the script in the user's browser. The API endpoints and vulnerable parameters are not specified.

Recommendations Update don-themes Riode to version 1.6.29 or later.