ThemeGoods Musico CVE-2026-27367
HIGHSeverity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Lifecycle Timeline
3DescriptionCVE.org
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Musico musico allows Reflected XSS.This issue affects Musico: from n/a through <= 3.2.4.
AnalysisAI
Reflected cross-site scripting in ThemeGoods Musico through version 3.2.4 enables attackers to inject malicious scripts into web pages viewed by users, potentially compromising session data and user credentials. The vulnerability requires user interaction to trigger and affects all installations of the affected Musico versions, with no patch currently available.
Technical ContextAI
Classified as CWE-79 (Cross-site Scripting (XSS)). Affects ThemeGoods Musico musico. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Musico musico allows Reflected XSS.This issue affects Musico: from n/a through <= 3.2.4.
Affected ProductsAI
Product: ThemeGoods Musico musico.
RemediationAI
Monitor vendor advisories for a patch. Implement output encoding and Content Security Policy headers. Restrict network access to the affected service where possible.
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today