ThreatPress

WordPress Vulnerabilities Database

Back

WordPress ScoreMe Theme - Cross Site Scripting

Product
ScoreMe
Description
Because of this vulnerability in the "s" value of the "index.php" file, remote attackers are able to inject own malicious script codes to the client-side of the affected web-application.
Solution
Update the theme.
Classification
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References
SecLists
CVE
Name CVE-N/A
Versions
Affected In <= 1.0
Fixed In 1.1
Disclosure date
2016-04-04
Submitter
ThreatPress