Gary Bairéad

**Name of the Vulnerable Software and Affected Versions** Headway theme versions prior to 3.8.9 **Description** The issue concerns a Cross-Site Scripting (XSS) flaw. This type of flaw occurs when an application includes user input in its output without proper validation or encoding, allowing an attacker to inject malicious scripts into the content. The XSS vulnerability is specifically located in the license key field. **Recommendations** For versions prior to 3.8.9, update to version 3.8.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the license key field to minimize the risk of exploitation.