Nooni
Monthly
A Reflected Cross-Site Scripting (XSS) vulnerability exists in the skygroup Nooni theme affecting versions prior to 1.5.1, allowing attackers to inject malicious scripts into web pages viewed by users. The vulnerability stems from improper neutralization of user input during web page generation, classified as CWE-79. Attackers can craft malicious URLs containing JavaScript payloads that execute in the context of a victim's browser when the link is visited, potentially leading to session hijacking, credential theft, or malware distribution.
A Reflected Cross-Site Scripting (XSS) vulnerability exists in the skygroup Nooni theme affecting versions prior to 1.5.1, allowing attackers to inject malicious scripts into web pages viewed by users. The vulnerability stems from improper neutralization of user input during web page generation, classified as CWE-79. Attackers can craft malicious URLs containing JavaScript payloads that execute in the context of a victim's browser when the link is visited, potentially leading to session hijacking, credential theft, or malware distribution.