What the vulnerability does
01Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in stmcan RT-Theme 18 | Extensions rt18-extensions allows Reflected XSS.This issue affects RT-Theme 18 | Extensions: from n/a through <= 2.5.
Explanation of Vulnerability in Simple Terms
02Summary
RT-Theme 18 Extensions contains a cross-site scripting (XSS) vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users. The vulnerability affects all versions up to 2.5 and requires user interaction to exploit. An attacker can steal session cookies, redirect users, or deface site content by tricking a victim into clicking a malicious link.
What an attacker can do
03Attacker Capabilities
Inject malicious JavaScript that runs in other users' browsers, stealing cookies or redirecting them to phishing sites.
Potential impact on your site
04Site Impact
Site visitors can be redirected to malicious sites or have their session cookies stolen, compromising their accounts.
Conditions required to exploit
05Prerequisites
No authentication required. Victim must click an attacker-supplied link or visit a compromised page.
Key dates
06Disclosure timeline
July 13, 2026
CVE published