Automotive Car Dealership Business
Monthly
Reflected cross-site scripting in the Automotive Car Dealership Business WordPress theme (versions 13.3.3 and earlier by ThemeSuite) lets unauthenticated attackers inject arbitrary JavaScript that executes in a victim's browser when they follow a crafted link. The CVSS 3.1 vector (AV:N/PR:N/UI:R/S:C) confirms network-based, unauthenticated exploitation that requires user interaction and crosses a security scope boundary. There is no public exploit identified at time of analysis and the flaw is not on CISA KEV.
Reflected cross-site scripting in the Automotive Car Dealership Business WordPress theme (versions 13.3.3 and earlier by ThemeSuite) lets unauthenticated attackers inject arbitrary JavaScript that executes in a victim's browser when they follow a crafted link. The CVSS 3.1 vector (AV:N/PR:N/UI:R/S:C) confirms network-based, unauthenticated exploitation that requires user interaction and crosses a security scope boundary. There is no public exploit identified at time of analysis and the flaw is not on CISA KEV.