Cross-site scripting (XSS) vulnerability in Thyme 1.3 allows remote malicious users to inject arbitrary web script or HTML via the search page.
extrosoft thyme 1.3