What the vulnerability does
01Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in don-themes Riode riode allows Reflected XSS.This issue affects Riode: from n/a through < 1.6.29.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
What the vulnerability does
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in don-themes Riode riode allows Reflected XSS.This issue affects Riode: from n/a through < 1.6.29.
Explanation of Vulnerability in Simple Terms
Riode versions before 1.6.29 contain a cross-site scripting (XSS) vulnerability that allows attackers to inject malicious scripts into web pages. The vulnerability requires user interaction—victims must visit a crafted link or page. When exploited, attackers can steal session cookies, redirect users, or deface content. The impact extends beyond the vulnerable component to affect other parts of the application.
What an attacker can do
Inject malicious scripts that execute in visitors' browsers to steal data or redirect users.
Potential impact on your site
Visitors' sessions and data can be compromised; site reputation and user trust may be damaged.
Conditions required to exploit
Victim must click a malicious link or visit an attacker-controlled page; no authentication required.
Key dates
External resources
Related vulnerabilities