László Radnai

**Nome do software vulnerável e versões afetadas** Glaze Blog Lite versões 1.1.4 e anteriores Fascinate versão 1.0.8 Cream Blog versão 2.1.3 Cream Magazine versão 2.1.4 **Descrição** O problema está relacionado à neutralização inadequada de entradas durante a geração de páginas da Web, também conhecida como Cross-site Scripting. Isso permite ataques XSS refletidos. **Recomendações** Para as versões 1.1.4 e anteriores do Glaze Blog Lite, atualize para uma versão posterior à 1.1.4. Para o Fascinate versão 1.0.8, atualize para uma versão posterior à 1.0.8. Para o Cream Blog versão 2.1.3, atualize para uma versão posterior à 2.1.3. Para o Cream Magazine versão 2.1.4, atualize para uma versão posterior à 2.1.4.

**Name of the Vulnerable Software and Affected Versions** Wishfulthemes Raise Mag versions 1.0.0 through 1.0.7 Wishfulthemes Wishful Blog versions 1.0.0 through 2.0.1 **Description** The issue is related to improper neutralization of input during web page generation, which can lead to Cross-site Scripting (XSS). Specifically, it allows Reflected XSS. **Recommendations** For Wishfulthemes Raise Mag versions 1.0.0 through 1.0.7, update to a version later than 1.0.7 to resolve the issue. For Wishfulthemes Wishful Blog versions 1.0.0 through 2.0.1, update to a version later than 2.0.1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Everest News Pro theme versions 1.1.7 and earlier **Description** The issue is related to an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This vulnerability allows for the execution of malicious scripts on the client-side, potentially leading to unauthorized actions. **Recommendations** For versions 1.1.7 and earlier, update to a version later than 1.1.7 to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas of the theme to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Everest Themes Arya Multipurpose Pro theme versions 1.0.8 and earlier **Description** The issue is related to an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This type of vulnerability allows an attacker to inject malicious scripts into a website, potentially leading to unauthorized actions. **Recommendations** For versions 1.0.8 and earlier, update to a version later than 1.0.8 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Everest News theme versions prior to 1.1.0 **Description** The issue is related to an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This means that an attacker could potentially inject malicious scripts into a website using the Everest News theme, which could then be executed by users' browsers. **Recommendations** For versions prior to 1.1.0, update to version 1.1.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Everest themes Mocho Blog theme versions 1.0.4 and earlier **Description** The issue is related to an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This means that an attacker can inject malicious scripts into a website, potentially allowing them to steal user data or take control of the user's session. **Recommendations** For versions 1.0.4 and earlier, update to a version later than 1.0.4 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Everest Themes Arya Multipurpose theme versions 1.0.5 and earlier **Description** The issue is related to an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This means that an attacker can inject malicious scripts into a website, potentially allowing them to steal user data or take control of the user's session. **Recommendations** For versions 1.0.5 and earlier, update to a version later than 1.0.5 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Everest themes Viable Blog theme versions <= 1.1.4 **Description** The issue is related to an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This means that an attacker can inject malicious scripts into a website, potentially allowing them to steal user data or take control of the user's session. **Recommendations** For versions <= 1.1.4, update to a version higher than 1.1.4 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.