What the vulnerability does
01Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UX-themes Flatsome flatsome allows Reflected XSS.This issue affects Flatsome: from n/a through <= 3.20.5.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
What the vulnerability does
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UX-themes Flatsome flatsome allows Reflected XSS.This issue affects Flatsome: from n/a through <= 3.20.5.
Explanation of Vulnerability in Simple Terms
Flatsome versions up to 3.20.5 contain a cross-site scripting (XSS) vulnerability that allows attackers to inject malicious scripts into web pages. The vulnerability requires user interaction—typically clicking a malicious link—and can affect multiple users if the injected content is stored. Site visitors may have their sessions hijacked, credentials stolen, or be redirected to phishing pages.
What an attacker can do
Inject malicious JavaScript that runs in visitors' browsers and steals session cookies or credentials.
Potential impact on your site
Visitors' accounts and data at risk; site reputation damaged if used for phishing or malware distribution.
Conditions required to exploit
Attacker must craft a malicious link or stored payload; victim must click the link or visit an affected page.
Key dates
External resources
Related vulnerabilities