The theme and some of its required plugins do not escape a parameter before outputting it back in attributes, leading to Reflected Cross-Site Scripting
https://example.com/all-ads/?q="+onmouseover%3Dalert%281%29+id%3Dx+tabindex%3D0+style%3Ddisplay%3Ablock The XSS will be triggered when the user will move the mouse over the Search field
CPE | Name | Operator | Version |
---|---|---|---|
classified-listing | lt | 2.2.14 | |
classified-listing-pro | lt | 2.0.20 | |
classified-listing-store | lt | 1.4.20 | |
classima-core | lt | 1.10 | |
classima | lt | 2.1.11 |