Vulnerability: Cross-site scripting in the WordPress Purity Theme
If the Patch: None
Number of vulnerabilities: 1
Impact: Cross Site Scripting
Affected products: WordPress Purity Theme
Affected versions: WordPress Purity TOPIC LINKS
The vulnerability allows malicious people to conduct XSS attacks.
The vulnerability is caused due to insufficient input validation in the parameter “s” in index.php and the parameters “contactName”, “email”, “subject” and “comments” on the contact page. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of an affected site.
Solution: The way to eliminate the vulnerability does not exist at present.