A vulnerability was found in Tina CMS up to 3.9.2. It has been declared as problematic. Impacted is an unknown function of the component Message Handler. Such manipulation of the argument event.data leads to cross site scripting.

This vulnerability is referenced as CVE-2026-55660. It is possible to launch the attack remotely. No exploit is available.

It is recommended to upgrade the affected component.