CVE-2020-17362

Nova Lite theme for WordPress (versions before 1.3.9) is affected by a reflected XSS vulnerability in search.php. The issue arises because user-supplied search queries are not properly sanitized, allowing an attacker to inject scripts. Exploitation appears to be unauthenticated (as per multiple s...