Kubio Ai Page Builder
Monthly
Stored cross-site scripting (XSS) in Extend Themes Kubio AI Page Builder through version 2.7.0 allows authenticated users to inject malicious scripts that execute in the browsers of other users viewing affected pages. An attacker with user account access can inject unescaped input during page generation, leading to session hijacking, credential theft, or malware distribution. No public exploit code has been identified at the time of analysis.
Stored cross-site scripting (XSS) in Extend Themes Kubio AI Page Builder through version 2.7.0 allows authenticated users to inject malicious scripts that execute in the browsers of other users viewing affected pages. An attacker with user account access can inject unescaped input during page generation, leading to session hijacking, credential theft, or malware distribution. No public exploit code has been identified at the time of analysis.