The search feature of the theme does not properly sanitise its ‘s’ GET parameter before outputting it back in the page, leading to a Cross-Site Scripting issue. The vendor has been unresponsive to any form of contact.
https://example.com/?post_type=post&s="><script>alert(/XSS/)</script>

https://www.themepush.com/demo-mediumish/?post_type=post&s="><script>alert(/XSS/)</script>
CPE

Name | Operator | Version |
---|---|---|
mediumishh | eq | * |
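
The following is an added example, not the theme's own code, which the advisory does not show. It assumes the search term is echoed into an HTML attribute, as the `">` prefix of the test string implies, and renders that string through a hypothetical vulnerable template and an escaped one; the function names are made up for illustration.

```php
<?php
// Added example, not the theme's code (the advisory does not show it).
// Assumption: the search term is echoed into an HTML attribute value.

// Outside WordPress, stand in for esc_attr() with htmlspecialchars().
if (!function_exists('esc_attr')) {
    function esc_attr($text) {
        return htmlspecialchars((string) $text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}

// Hypothetical vulnerable template: raw request value placed in an attribute.
function render_search_field_vulnerable(array $query): string {
    $s = isset($query['s']) ? $query['s'] : '';
    return '<input type="search" name="s" value="' . $s . '">';
}

// Hardened template: accept only a string and escape it for the
// attribute context at the point of output.
function render_search_field_fixed(array $query): string {
    $s = (isset($query['s']) && is_string($query['s'])) ? $query['s'] : '';
    return '<input type="search" name="s" value="' . esc_attr($s) . '">';
}

// True when the submitted value appears in the markup without HTML encoding.
function reflects_raw(string $html, string $value): bool {
    return $value !== '' && strpos($html, $value) !== false;
}

// Constructed request, using the test string from the advisory.
$query = ['post_type' => 'post', 's' => '"><script>alert(/XSS/)</script>'];

$templates = [
    'vulnerable' => 'render_search_field_vulnerable',
    'fixed'      => 'render_search_field_fixed',
];
foreach ($templates as $label => $render) {
    $html = $render($query);
    printf("%-10s raw reflection: %s\n  %s\n", $label,
        reflects_raw($html, $query['s']) ? 'yes' : 'no', $html);
}
```

Inside a WordPress template the same fix is usually written with `the_search_query()` or `echo esc_attr( get_search_query() )` rather than reading `$_GET['s']` directly.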