Boutique
Monthly
A Reflected Cross-Site Scripting (XSS) vulnerability exists in the kutethemes Boutique WordPress theme versions prior to 2.4.6, allowing attackers to inject malicious scripts into web pages viewed by other users. An attacker can craft a malicious URL containing unsanitized input that, when clicked by a victim, executes arbitrary JavaScript in the victim's browser within the context of the affected website. This vulnerability enables session hijacking, credential theft, malware distribution, and defacement of affected e-commerce sites running vulnerable versions of the Boutique theme.
A Reflected Cross-Site Scripting (XSS) vulnerability exists in the kutethemes Boutique WordPress theme versions prior to 2.4.6, allowing attackers to inject malicious scripts into web pages viewed by other users. An attacker can craft a malicious URL containing unsanitized input that, when clicked by a victim, executes arbitrary JavaScript in the victim's browser within the context of the affected website. This vulnerability enables session hijacking, credential theft, malware distribution, and defacement of affected e-commerce sites running vulnerable versions of the Boutique theme.