Nova Blocks by Pixelgrade, CVE-2026-24528

CVE, Research URL: CVE-2026-24528
Home page URL: Security reports for Nova Blocks by Pixelgrade
Application: Nova Blocks by Pixelgrade
Published on: Jan 23, 2026
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pixelgrade Nova Blocks nova-blocks allows DOM-Based XSS.This issue affects Nova Blocks: from n/a through <= 2.1.9.
Affected versions: max 2.1.9.
Status: vulnerable