CVE-2025-49893
Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uxper Nuss nuss allows Reflected XSS.This issue affects Nuss: from n/a through <= 1.3.3.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Reflected XSS vulnerability in WordPress Nuss theme <=1.3.3 allows attackers to inject malicious scripts via crafted links.
Vulnerability
The Nuss theme for WordPress versions from n/a through 1.3.3 contains a reflected cross-site scripting (XSS) vulnerability due to improper neutralization of input during web page generation. The vulnerability is classified as CWE-79 and allows an attacker to inject arbitrary HTML and JavaScript into the page output [1].
Exploitation
Exploitation requires user interaction, such as clicking a specially crafted link or visiting a maliciously prepared page. An unauthenticated attacker can craft a URL that, when visited by a victim (including privileged users), causes the injected script to execute in the context of the victim's browser session [1].
Impact
Successful exploitation can lead to a range of malicious activities, including redirecting visitors to arbitrary sites, displaying unauthorized advertisements, stealing cookies or session tokens, and potentially performing actions on behalf of the victim if they have appropriate privileges [1].
Mitigation
The vendor has not yet released an official patch, but Patchstack has provided a virtual mitigation rule to block attacks until a proper fix is available. Users are advised to update the theme as soon as a patched version is released or apply the available mitigation [1].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.