PT-2023-9872 · Unknown · Turante Sandbox Theme
Prentiss Riddle · Published 2023-04-09 · Updated 2024-05-17
CVE-2009-10004
CVSS v2.0: 4.0 (Medium)
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
Turante Sandbox Theme versions up to 1.5.2
Description
An issue was found in the Turante Sandbox Theme, affecting the sandbox body class function in the file functions.php. Manipulating the page argument leads to cross-site scripting. The attack can be initiated remotely.
Recommendations
For versions up to 1.5.2, upgrade to version 1.6.1 to address this issue. As a temporary workaround, consider restricting access to the sandbox body class function until the upgrade is applied.
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Turante Sandbox Theme