) identified in the Nicepage website builder, a popular tool for creating WordPress and Joomla themes. Vulnerability Overview The flaw is a Cross-Site Scripting (XSS)
vulnerability. In version 4.5.4, the application failed to properly sanitize user-supplied input before rendering it on a page. This allowed attackers to inject malicious scripts into web pages viewed by other users. How the Exploit Works Injection Point
If you are using an older version of Nicepage, follow these steps to secure your site: Update Immediately
: Attackers target input fields or parameters that the Nicepage builder processes, such as theme settings or content blocks. Payload Execution