Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.1
LambertGroup AllInOne Banner Rotator allows Malicious Scripts in Banners
CVE-2026-28112
Summary
A security issue in the LambertGroup AllInOne Banner Rotator plugin allows hackers to inject malicious code into your website through banners. This means a visitor to your site could potentially be tricked into running harmful scripts. Update the plugin to the latest version to fix this problem.
Original title
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup AllInOne - Banner Rotator all-in-one-bannerRotator allows Reflected XSS.This issue...
Original description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup AllInOne - Banner Rotator all-in-one-bannerRotator allows Reflected XSS.This issue affects AllInOne - Banner Rotator: from n/a through <= 3.8.
nvd CVSS3.1
7.1
Vulnerability type
CWE-79
Cross-site Scripting (XSS)
Published: 5 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026