Thebe: Hackers can inject malicious scripts into web pages

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

7.1

Thebe: Hackers can inject malicious scripts into web pages

CVE-2026-22455

Summary

A security issue in Thebe could allow hackers to inject malicious code into web pages, potentially stealing user data or taking control of user sessions. This affects Thebe versions up to 1.3.0. Update to a newer version of Thebe to fix this issue.

Original title

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in foreverpinetree Thebe thebe allows Reflected XSS.This issue affects Thebe: from n/a through <= ...

Original description

Vulnerability type

CWE-79 Cross-site Scripting (XSS)

https://patchstack.com/database/Wordpress/Theme/thebe/vulnerability/wordpress-th...

Published: 5 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026