CVE-2026-22524

Publication date

2026-03-25 16:14:29

Family

Patchstack

State

PUBLISHED

Description

Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) vulnerability in themepassion Legacy Admin legacy-admin allows Reflected XSS.This issue affects Legacy Admin: from n/a through <= 9.5.