CVE-2026-25006
Awaiting Analysis
Awaiting Analysis - Queue
Cross-Site Scripting in 8theme XStore β€ 9.6.4 Enables Code Injection
Publication date: 2026-02-19
Last updated on: 2026-04-27
Assigner: Patchstack
Description
Description
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in 8theme XStore xstore allows Code Injection.This issue affects XStore: from n/a through <= 9.6.4.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| 8theme | xstore | to 9.6.4 (inc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-80 | The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages. |
