Loobek
Monthly
A Reflected Cross-Site Scripting (XSS) vulnerability exists in the skygroup Loobek theme (CWE-79: Improper Neutralization of Input During Web Page Generation) that allows attackers to inject malicious scripts into web pages viewed by users. The vulnerability affects Loobek versions prior to 1.5.2, as documented by Patchstack and tracked under ENISA EUVD ID EUVD-2026-15664. An attacker can craft a malicious URL containing unescaped input that, when clicked by a victim, executes arbitrary JavaScript in the victim's browser context, potentially leading to session hijacking, credential theft, or malware distribution.
A Reflected Cross-Site Scripting (XSS) vulnerability exists in the skygroup Loobek theme (CWE-79: Improper Neutralization of Input During Web Page Generation) that allows attackers to inject malicious scripts into web pages viewed by users. The vulnerability affects Loobek versions prior to 1.5.2, as documented by Patchstack and tracked under ENISA EUVD ID EUVD-2026-15664. An attacker can craft a malicious URL containing unescaped input that, when clicked by a victim, executes arbitrary JavaScript in the victim's browser context, potentially leading to session hijacking, credential theft, or malware distribution.