The vulnerability CVE-2026-28126 affects sizam RH Frontend Publishing Pro (versions before 4.3.4) and is caused by improper neutralization of input during web page generation, resulting in a reflected Cross-site Scripting (XSS) flaw. This allows attackers to inject malicious scripts that execute when a user interacts with a crafted link or input, potentially compromising user data or session integrity. The CVSS 3.1 base score is 7.1, indicating high severity, with network attack vector, low attack complexity, no privileges required, user interaction required, and impacts on confidentiality, integrity, and availability.

Successful exploitation of this reflected XSS vulnerability can lead to partial disclosure of sensitive information, modification of data in the user's context, and disruption of service availability. However, no known exploits in the wild have been reported. The vulnerability requires user interaction and can be triggered remotely over the network without authentication.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should apply standard XSS mitigations such as input validation and output encoding where possible. Monitor vendor communications for updates on patches or official mitigations.