{"id":7766,"date":"2020-07-17T19:55:55","date_gmt":"2020-07-18T02:55:55","guid":{"rendered":"https:\/\/webdev.securin.xyz\/?post_type=zerodays&#038;p=7766"},"modified":"2023-02-06T11:05:44","modified_gmt":"2023-02-06T18:05:44","slug":"cve-2020-16140-thembay","status":"publish","type":"zerodays","link":"https:\/\/10.42.32.162\/zerodays\/cve-2020-16140-thembay\/","title":{"rendered":"CVE-2020-16140 &#8211; Reflected Cross-Site Scripting in Thembay"},"content":{"rendered":"<p>A cross-site scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user\u2019s browser while the browser is connected to a trusted web site. The application targets your\u00a0users and not the application itself, but it uses your application as the vehicle for the attack. XSS payload was executed when the user loads a malicious link generated using the ajax call back in Greenmart autocomplete search.<\/p>\n","protected":false},"featured_media":7770,"parent":0,"menu_order":0,"template":"","meta":{"content-type":""},"acf":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/zerodays\/7766"}],"collection":[{"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/zerodays"}],"about":[{"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/types\/zerodays"}],"version-history":[{"count":7,"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/zerodays\/7766\/revisions"}],"predecessor-version":[{"id":13663,"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/zerodays\/7766\/revisions\/13663"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/media\/7770"}],"wp:attachment":[{"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/media?parent=7766"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}