CridioStudio ListingPro CVE-2026-28122
HIGHSeverity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Lifecycle Timeline
3DescriptionCVE.org
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CridioStudio ListingPro listingpro-plugin allows Reflected XSS.This issue affects ListingPro: from n/a through <= 2.9.8.
AnalysisAI
The ListingPro plugin for CridioStudio through version 2.9.8 contains a reflected cross-site scripting vulnerability that allows unauthenticated remote attackers to inject malicious scripts into web pages viewed by users. Successful exploitation requires user interaction but can compromise confidentiality, integrity, and availability across security domains. No patch is currently available for affected installations.
Technical ContextAI
Classified as CWE-79 (Cross-site Scripting (XSS)). Affects CridioStudio ListingPro listingpro-plugin. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CridioStudio ListingPro listingpro-plugin allows Reflected XSS.This issue affects ListingPro: from n/a through <= 2.9.8.
Affected ProductsAI
Product: CridioStudio ListingPro listingpro-plugin.
RemediationAI
Monitor vendor advisories for a patch. Implement output encoding and Content Security Policy headers. Restrict network access to the affected service where possible.
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today