Sanzo
Monthly
A Stored Cross-Site Scripting (XSS) vulnerability exists in the Sanzo theme by skygroup, allowing authenticated or unauthenticated attackers to inject malicious scripts that are permanently stored and executed in the context of other users' browsers. This vulnerability affects Sanzo versions prior to 2.4.3 and has been documented by Patchstack as a high-risk input validation failure. Attackers can leverage this to steal session cookies, perform actions on behalf of users, or redirect victims to malicious sites.
A Stored Cross-Site Scripting (XSS) vulnerability exists in the Sanzo theme by skygroup, allowing authenticated or unauthenticated attackers to inject malicious scripts that are permanently stored and executed in the context of other users' browsers. This vulnerability affects Sanzo versions prior to 2.4.3 and has been documented by Patchstack as a high-risk input validation failure. Attackers can leverage this to steal session cookies, perform actions on behalf of users, or redirect victims to malicious sites.