Lucene search
+L

CVE-2019-20212

🗓️ 13 Jan 2020 17:44:57Reported by mitreType 
cve
 cve
🔗 web.nvd.nist.gov👁 88 Views🌐 WEB

The CTHthemes CityBook, TownHub, and EasyBook WordPress themes before 2.3.4, 1.0.6, and 1.2.2 allow Persistent XSS

Related
Detection
Refs
Paths
ReporterTitlePublishedViews
Family
cnvd
WordPress CTHthemes CityBook, TownHub and EasyBook Cross-Site Scripting Vulnerabilities (CNVD-2020-16668)
22 Jan 202000:00
cnvd
cvelist
CVE-2019-20212
13 Jan 202017:44
cvelist
euvd
EUVD-2019-10766
7 Oct 202500:30
euvd
nvd
CVE-2019-20212
13 Jan 202018:15
nvd
osv
CVE-2019-20212
13 Jan 202018:15
osv
patchstack
WordPress EasyBook premium theme <= 1.2.1 - Persistent Cross-Site Scripting (XSS) vulnerability
10 Jan 202100:00
patchstack
prion
Cross site scripting
13 Jan 202018:15
prion
redhatcve
CVE-2019-20212
9 Jan 202610:08
redhatcve
wpexploit
TownHub < 1.0.6 - Multiple Vulnerabilities
9 Jan 202000:00
wpexploit
wpexploit
CityBook < 2.3.4 - Multiple Vulnerabilities
9 Jan 202000:00
wpexploit
Rows per page
NVD
Node
OR
cththemescitybookRange<2.3.4wordpress
cththemeseasybookRange<1.2.2wordpress
cththemestownhubRange<1.0.6wordpress
ParameterPositionPathDescriptionCWE
search_termquery param/?search_term=%3Cimg+src%3Dx+onerror%3Dalert%28document.cookie%29%3E&location_search=&nearby=off&address_lat=&address_lng=&distance=10&lcats%5B%5D=Reflected XSS on homepage search field (TownHub/CityBook/EasyBook variants).CWE-79
location_searchquery param/?search_term=%3Cimg+src%3Dx+onerror%3Dalert%28document.cookie%29%3E&location_search=&nearby=off&address_lat=&address_lng=&distance=10&lcats%5B%5D=Reflected XSS on homepage search field (TownHub/CityBook/EasyBook variants).CWE-79
nearbyquery param/?search_term=%3Cimg+src%3Dx+onerror%3Dalert%28document.cookie%29%3E&location_search=&nearby=off&address_lat=&address_lng=&distance=10&lcats%5B%5D=Reflected XSS on homepage search field (TownHub/CityBook/EasyBook variants).CWE-79
address_latquery param/?search_term=%3Cimg+src%3Dx+onerror%3Dalert%28document.cookie%29%3E&location_search=&nearby=off&address_lat=&address_lng=&distance=10&lcats%5B%5D=Reflected XSS on homepage search field (TownHub/CityBook/EasyBook variants).CWE-79
address_lngquery param/?search_term=%3Cimg+src%3Dx+onerror%3Dalert%28document.cookie%29%3E&location_search=&nearby=off&address_lat=&address_lng=&distance=10&lcats%5B%5D=Reflected XSS on homepage search field (TownHub/CityBook/EasyBook variants).CWE-79
distancequery param/?search_term=%3Cimg+src%3Dx+onerror%3Dalert%28document.cookie%29%3E&location_search=&nearby=off&address_lat=&address_lng=&distance=10&lcats%5B%5D=Reflected XSS on homepage search field (TownHub/CityBook/EasyBook variants).CWE-79
lcats[]query param/?search_term=%3Cimg+src%3Dx+onerror%3Dalert%28document.cookie%29%3E&location_search=&nearby=off&address_lat=&address_lng=&distance=10&lcats%5B%5D=Reflected XSS on homepage search field (TownHub/CityBook/EasyBook variants).CWE-79
actionbody/wp-admin/admin-ajax.phpIDOR: delete a post/listing via admin-ajax.php (TownHub/EasyBook/CityBook variants).CWE-79
lidbody/wp-admin/admin-ajax.phpIDOR: delete a post/listing via admin-ajax.php (TownHub/EasyBook/CityBook variants).CWE-79
_noncebody/wp-admin/admin-ajax.phpIDOR: delete a post/listing via admin-ajax.php (TownHub/EasyBook/CityBook variants).CWE-79
Rows per page

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

17 Jun 2026 02:30Current
5.9Medium risk
Vulners AI Score5.9
CVSS 24.3
CVSS 3.16.1
EPSS0.02582
88