Vulnerability: Cross-site scripting in the WordPress Purity Theme
Danger: Low
If the Patch: None
Number of vulnerabilities: 1
Impact: Cross Site Scripting
Affected products: WordPress Purity Theme
Affected versions: WordPress Purity TOPIC LINKS
Description:
The vulnerability allows malicious people to conduct XSS attacks.
The vulnerability is caused due to insufficient input validation in the parameter “s” in index.php and the parameters “contactName”, “email”, “subject” and “comments” on the contact page. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of an affected site.
Manufacturer URL: http://themeforest.net/item/purity-clean-minimal-bold-wordpress-theme/639774
Solution: The way to eliminate the vulnerability does not exist at present.
links:
http://osvdb.org/show/osvdb/85501
http://osvdb.org/show/osvdb/85502
