2 matches found
WordPress Goya Theme <= 1.0.8.7 is vulnerable to Cross Site Scripting (XSS)
Software Goya Type Theme Vulnerable versions = 1.0.8.7 Fixed in 1.0.8.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4017 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 0283a037aa0b Credits RE-ALTER Required privileg...
CVE-2023-4017 Goya <= 1.0.8.7 - Unauthenticated Reflected Cross-Site Scripting via Multiple Parameters
The Goya theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘attra-color’, 'attra-size', and 'product-cata' parameters in versions up to, and including, 1.0.8.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacker...