BigFeature WordPress premium theme by Vfxdude is vulnerable to reflected Cross-site Scripting (XSS).
Developer status: notified. Developer response: the issue has been fixed.
Screenshot of the XSS test:
A theme upgrade is recommended. The theme developer has a support forum and an online FAQ.
The number of affected sites is unknown. Themeforest statistics indicate that 4636 purchases have been completed. I tested nine different sites using this theme and they were all affected.
Further reading:
What's Cross-site Scripting? - MakeUseOf article, July 2012
Why XSS is so serious business - blog post by Troy Hunt, August 2012
The Open Web Application Security Project (OWASP) Top 10, A2