The Goto WordPress theme prior to 2.0 does not sanitise the keywords and start_date GET parameter on its Tour List page, leading to an unauthenticated reflected Cross-Site Scripting issue.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
boostifythemes goto |