Description
Cross-site scripting (XSS) vulnerability in the Antisnews theme before 1.10 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
Affected products
- antisocialmediallc / antisnews1.9
- antisocialmediallc / antisnews1.0 – 1.0
- antisocialmediallc / antisnews1.1 – 1.1
- antisocialmediallc / antisnews1.2 – 1.2
- antisocialmediallc / antisnews1.3 – 1.3
- antisocialmediallc / antisnews1.4 – 1.4
- antisocialmediallc / antisnews1.5 – 1.5
- antisocialmediallc / antisnews1.6 – 1.6
- antisocialmediallc / antisnews1.7 – 1.7
- antisocialmediallc / antisnews1.8 – 1.8
References
- VENDOR_ADVISORYhttps://sitewat.ch/en/Advisories/15