Description
The search feature of the Mediumish WordPress theme through 1.0.47 does not properly sanitise it's 's' GET parameter before output it back the page, leading to the Cross-SIte Scripting issue.
References
https://wpscan.com/vulnerability/57e27de4-58f5-46aa-9b59-809705733b2e
ExploitThird Party Advisory
https://www.wowthemes.net/themes/mediumish-wordpress/
ProductVendor Advisory
CVSS impact metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 · Medium
CVSS V3.1
CVSS V3.0
CVSS V2.0
Information
Source identifier
Vulnerability status
Analyzed
Published
2021-06-01T14:15:08.953
4 years agoLast modified
2021-06-09T20:28:29.117
4 years ago