RH Frontend Publishing Pro: Cross-site Scripting in Web Page Generation

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

7.1

RH Frontend Publishing Pro: Cross-site Scripting in Web Page Generation

CVE-2026-28126

Summary

The RH Frontend Publishing Pro system doesn't correctly filter user input, which can allow an attacker to inject malicious code into web pages. This could let an attacker trick users into doing something they shouldn't, like revealing sensitive information. To protect your system, update to a version of RH Frontend Publishing Pro that is not affected by this issue.

Original title

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sizam RH Frontend Publishing Pro rh-frontend allows Reflected XSS.This issue affects RH Fronten...

Original description

nvd CVSS3.1 7.1

Vulnerability type

CWE-79 Cross-site Scripting (XSS)

https://patchstack.com/database/Wordpress/Plugin/rh-frontend/vulnerability/wordp...

Published: 5 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026