Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themefic Tourfic tourfic.This issue affects Tourfic: from n/a through <= 2.11.7.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
Low
Affected products
- Themefic / Tourfic0 – 2.11.7
Exploits & PoCs
- nucleiWordPress Tourfic Plugin <= 2.11.7 - Cross-Site Scriptingby Shivam Kamboj