What the vulnerability does
01Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum Kirki kirki allows Stored XSS.This issue affects Kirki: from n/a through <= 6.0.11.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
What the vulnerability does
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum Kirki kirki allows Stored XSS.This issue affects Kirki: from n/a through <= 6.0.11.
Explanation of Vulnerability in Simple Terms
Kirki versions up to 6.0.11 contain a cross-site scripting vulnerability that allows attackers to inject malicious scripts into the site. The vulnerability requires user interaction—typically clicking a malicious link—and can affect multiple users across the site. Update to version 6.0.12 or later to patch this issue.
What an attacker can do
Inject malicious scripts that execute in users' browsers and steal data or perform actions on their behalf.
Potential impact on your site
Site visitors could be redirected, have their sessions hijacked, or have malware injected into pages they view.
Conditions required to exploit
Attacker must craft a malicious link and trick a site user into clicking it; no authentication required.
Key dates
External resources
Related vulnerabilities