ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Truemag Theme - Cross Site Scripting

Product
Truemag
Description
The vulnerability is located in the "s" value of the page module GET method request. Because of this vulnerability remote attackers are able to inject own malicious script codes to the client-side of the online service web-application to compromise user session information or data.
Solution
Update the theme.
Classification
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References
SecLists
CVE
Name CVE-N/A
Versions
Affected In <= 1.0
Fixed In 1.1
Disclosure date
2016-04-29
Submitter
ThreatPress