Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Miti miti allows Reflected XSS.This issue affects Miti: from n/a through < 1.5.3.
Published: 2026-03-25
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Reflected Cross‑Site Scripting
Action: Apply Patch
AI Analysis

Impact

Improper neutralization of user input during web page generation allows an attacker to inject malicious scripts that run in the victim’s browser. This reflected cross‑site scripting can lead to unauthorized data disclosure, cookie theft, session hijacking or manipulation of the webpage content, affecting confidentiality, integrity and potentially availability when the script disrupts user interaction.

Affected Systems

The vulnerability affects the WordPress Miti theme developed by skygroup. All installations running any version prior to 1.5.3 are impacted; the highest affected version is identified as any release earlier than 1.5.3.

Risk and Exploitability

The CVSS score of 7.1 indicates a high risk level. Exploit potential is not quantified by an EPSS score, and the vulnerability is not listed in CISA’s KEV catalog. The likely attack vector is through crafted URLs or input fields that are reflected in page output, so a remote attacker can trigger the XSS by visiting a malicious link. The impact is scoped to users who view the affected page, giving attackers the ability to test or execute scripts within the victim’s browser context.

Generated by OpenCVE AI on March 25, 2026 at 23:08 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the WordPress Miti theme to version 1.5.3 or later.

Generated by OpenCVE AI on March 25, 2026 at 23:08 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 26 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Skygroup
Skygroup miti
Wordpress
Wordpress wordpress
Vendors & Products Skygroup
Skygroup miti
Wordpress
Wordpress wordpress

Wed, 25 Mar 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 25 Mar 2026 16:45:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Miti miti allows Reflected XSS.This issue affects Miti: from n/a through < 1.5.3.
Title WordPress Miti theme < 1.5.3 - Reflected Cross Site Scripting (XSS) vulnerability
Weaknesses CWE-79
References

Subscriptions

Skygroup Miti
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-24T15:35:37.146Z

Reserved: 2026-02-02T12:52:42.958Z

Link: CVE-2026-25350

cve-icon Vulnrichment

Updated: 2026-03-25T20:06:29.648Z

cve-icon NVD

Status : Deferred

Published: 2026-03-25T17:16:45.767

Modified: 2026-04-24T16:32:53.997

Link: CVE-2026-25350

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-26T12:12:52Z

Weaknesses