Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.1
GT3themes Diamond Cross-Site Scripting Risk: Data Theft or Fake Sites
CVE-2025-69391
Summary
The GT3themes Diamond software does not properly filter user input, allowing hackers to inject malicious code into your website. This could let them steal sensitive data or display fake websites that look like yours, misleading your visitors. Update to version 2.4.9 or later to fix this issue.
Original title
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GT3themes Diamond diamond allows Reflected XSS.This issue affects Diamond: from n/a through <= ...
Original description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GT3themes Diamond diamond allows Reflected XSS.This issue affects Diamond: from n/a through <= 2.4.8.
nvd CVSS3.1
7.1
Vulnerability type
CWE-79
Cross-site Scripting (XSS)
Published: 20 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026