8 matches found
CVE-2023-4017
The Goya theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘attra-color’, 'attra-size', and 'product-cata' parameters in versions up to, and including, 1.0.8.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacker...
WordPress Goya theme <= 1.0.8.7 - Unauthenticated Reflected Cross-Site Scripting via Multiple Parameters vulnerability
Unauthenticated Reflected Cross-Site Scripting via Multiple Parameters vulnerability discovered by RE-ALTER in WordPress Theme Goya versions = 1.0.8.7...
WordPress Goya Theme <= 1.0.8.7 is vulnerable to Cross Site Scripting (XSS)
Software Goya Type Theme Vulnerable versions = 1.0.8.7 Fixed in 1.0.8.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4017 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 0283a037aa0b Credits RE-ALTER Required privileg...
CVE-2023-4017
The Goya theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘attra-color’, 'attra-size', and 'product-cata' parameters in versions up to, and including, 1.0.8.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacker...
CVE-2023-4017 Goya <= 1.0.8.7 - Unauthenticated Reflected Cross-Site Scripting via Multiple Parameters
The Goya theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘attra-color’, 'attra-size', and 'product-cata' parameters in versions up to, and including, 1.0.8.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacker...
CVE-2023-4017 Goya <= 1.0.8.7 - Unauthenticated Reflected Cross-Site Scripting via Multiple Parameters
The Goya theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘attra-color’, 'attra-size', and 'product-cata' parameters in versions up to, and including, 1.0.8.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacker...
CVE-2023-4017
CVE-2023-4017 (Goya Theme for WordPress) : Reflected XSS via parameters attra-color, attra-size, and product-cata in versions up to 1.0.8.7 due to insufficient input sanitization and output escaping. Exploitation by unauthenticated attackers could inject script in pages executed when a user click...
PT-2024-12862 · WordPress · Goya Theme For Wordpress
Name of the Vulnerable Software and Affected Versions: Goya theme for WordPress versions up to, and including, 1.0.8.7 Description: The issue is related to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject...