3 matches found
CVE-2024-33540
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeGrill ColorNews allows Stored XSS.This issue affects ColorNews: from n/a through 1.2.6...
CVE-2024-33540
CVE-2024-33540 affects ThemeGrill ColorNews (WordPress theme) prior to 1.2.6. The issue is an authenticated Stored XSS caused by improper neutralization of input during web page generation. Impact is stored cross-site scripting on ColorNews pages; the Wordfence/Red Hat entries confirm the vulnera...
WordPress ColorNews Theme <= 1.2.6 is vulnerable to Cross Site Scripting (XSS)
Software ColorNews Type Theme Vulnerable versions = 1.2.6 Fixed in 1.2.7 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-33540 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 989f992f9a05 Credits stealthcopter Required privilege Contributor...