CVE-2025-26922

Summary

CVE-2025-26922 is a Cross-site Scripting (XSS) vulnerability affecting the techthemes AuraMart from versions n/a through 2.0.7. Malicious scripts can be stored and executed in web pages generated by the application, potentially allowing attackers to inject malicious code into users' browsers. This vulnerability poses a serious risk to users, as it can lead to data theft, session hijacking, or other forms of unauthorized access. Attackers can exploit this issue by tricking users into visiting a malicious website or by injecting the malicious code into legitimate websites. Users and administrators are strongly advised to update their AuraMart installations to the latest version to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.