PT-2024-36231 · Skt Themes · Skt Themes Barter

Stealthcopter · Published 2024-12-13 · Updated 2024-12-13 · CVE-2024-54346

CVSS v3.1: 6.5 Medium

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions: SKT Themes Barter versions 1.6 and below
Description: Improper neutralization of input during web page generation leads to a Cross-site Scripting (XSS) vulnerability, specifically DOM-based XSS. The problem is caused by improper handling of input when web pages are generated.
Recommendations: For SKT Themes Barter versions 1.6 and below, consider disabling the DOM-based functionality until a patch is available. Restrict access to potentially vulnerable web pages to minimize the risk of exploitation. Avoid using user-supplied input in the affected web page generation process until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Weakness Enumeration

Related Identifiers: CVE-2024-54346

Affected Products: Skt Themes Barter