Description
This WordPress theme is prone to a cross-site scripting (XSS) vulnerability. It allows remote attackers to inject arbitrary script or HTML.
## Solution
Update the theme.
Affected Software
{"id": "PATCHSTACK:968F46EF1B118D9D7EB7CCACDB6EF94A", "vendorId": null, "type": "patchstack", "bulletinFamily": "software", "title": "WordPress ColorWay Theme <= 3.4.1 - Cross Site Scripting", "description": "This WordPress theme is prone to a cross-site scripting (XSS) vulnerability. It allows remote attackers to inject arbitrary script or HTML.\r\n\n\n## Solution\n\n\r\n Update the theme. \r\n ", "published": "2016-07-26T00:00:00", "modified": "2016-07-26T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://patchstack.com/database/vulnerability/colorway/wordpress-colorway-theme-3-4-1-cross-site-scripting", "reporter": "N/A", "references": ["http://seclists.org/fulldisclosure/2016/Jul/76"], "cvelist": [], "immutableFields": [], "lastseen": "2022-06-01T19:40:42", "viewCount": 1, "enchantments": {"vulnersScore": "PENDING"}, "_state": {}, "_internal": {}, "affectedSoftware": [{"version": "3.4.1", "operator": "le", "name": "colorway"}], "vendor_cvss": {"score": "3.1", "severity": "Unknown severity"}, "owasp": "A3: Cross Site Scripting (XSS)", "classification": "Cross Site Scripting (XSS)"}
{}
WordPress ColorWay Theme <= 3.4.1 - Cross Site Scripting