Title: lescus's Replies | WordPress.org

---

# lescus


## Forum Replies Created

Viewing 2 replies - 1 through 2 (of 2 total)

 *   Forum: [Themes and Templates](https://wordpress.org/support/forum/themes-and-templates/)

     In reply to: [[Mighty Builders] Potential XSS Issue in Mighty Builders Theme](https://wordpress.org/support/topic/potential-xss-issue-in-mighty-builders-theme/)

     Thread Starter [lescus](https://wordpress.org/support/users/lescus/) (@lescus), [12 months ago](https://wordpress.org/support/topic/potential-xss-issue-in-mighty-builders-theme/#post-18462634)

     Hi Amun,

     Thank you again for your earlier reply.

     As a follow-up, I’m attaching a security test result from our internal team, who used Burp Suite to scan the site running the Mighty Builders theme. The report flags a potential XSS vector involving malformed asset paths.

     While we understand that the specific path in question currently returns a 404 and may not be routable, automated tools such as Burp can still treat such structures as indicators of possible misconfigurations or missing sanitization — especially when `javascript:` payloads can be passed as part of asset URLs.

     Report excerpt: [https://drive.google.com/file/d/1UynD-OxIoF57AXH3dwB41KiSemzZ92UJ/view?usp=sharing](https://drive.google.com/file/d/1UynD-OxIoF57AXH3dwB41KiSemzZ92UJ/view?usp=sharing)

     We’re sharing this report not as proof of an active vulnerability, but to provide full context in case it helps you review or harden asset routing and validation logic in the theme.

     Please let us know if you need additional details.

     Best regards,
     Lescus

     This reply was modified 12 months ago by [lescus](https://wordpress.org/support/users/lescus/).
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)

     In reply to: [[Firelight Lightbox] Request to update DOMPurify to version 3.2.5](https://wordpress.org/support/topic/request-to-update-dompurify-to-version-3-2-5/)

     Thread Starter [lescus](https://wordpress.org/support/users/lescus/) (@lescus), [1 year, 1 month ago](https://wordpress.org/support/topic/request-to-update-dompurify-to-version-3-2-5/#post-18409358)

     Thank you for the quick response and update! I really appreciate your prompt action on this – much respect for maintaining the plugin so responsibly 🙂
