K3N4Ng

**Name of the Vulnerable Software and Affected Versions** uDesign theme versions 2.3.0 through 2.7.9 **Description** The issue is related to a cross-site scripting (XSS) vulnerability. It allows remote attackers to inject arbitrary web script or HTML via a fragment identifier. An example of exploitation is using `#<svg onload=alert(1)>` to execute malicious code. **Recommendations** For versions 2.3.0 through 2.7.9, update to version 2.7.10 or later to resolve the issue.