CVE-2023-3708

Summary

Several themes for WordPress by DeoThemes are vulnerable to Reflected Cross-Site Scripting via breadcrumbs in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

Affected Software

VendorProductVersion RangeStatus
deothemesAmela0 <= 1.0.13affected
DeothemesMedikAidMedical Health Care RTL WordPress Theme0 <= 1.1.2
deothemesArendelle0 <= 1.1.12affected
deothemesNokke0 <= 1.2.3affected
deothemesEverse0 <= 1.8.10affected

Weaknesses

  • CWE-79: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References