Cross-Site Scripting Vulnerability in ThemeFusion Fusion Builder

CVE-2026-25472

What is CVE-2026-25472?

An improper neutralization of input during web page generation leads to a Cross-Site Scripting (XSS) vulnerability in ThemeFusion's Fusion Builder. This vulnerability allows an attacker to execute arbitrary JavaScript code in the context of a user's browser session, potentially compromising sensitive data or leading to malicious actions. The issue affects all versions up to 3.14.3, emphasizing the need for timely updates to safeguard against exploitation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References