A vulnerability categorized as problematic has been discovered in loopus Cost Estimation & Payment Forms Builder Plugin up to 10.5.97. The affected element is an unknown function of the component Form Handler. The manipulation of the argument customerInfos results in cross site scripting.

This vulnerability is identified as CVE-2026-9253. The attack can be executed remotely. There is not any exploit available.