CVE-2021-24317

🗓️ 01 Jun 2021 11:33:30Reported by WPScanType

cve🔗 web.nvd.nist.gov📰️ 4 Media mentions👁 44 Views🌐 WEB

The Listeo WordPress theme has Cross-Site Scripting vulnerabilitie

Reporter	Title	Published	Views	Family All 9
CNNVD	WordPress 插件跨站脚本漏洞	1 Jun 202100:00	–	cnnvd
Cvelist	CVE-2021-24317 Listeo < 1.6.11 - Multiple XSS & XFS vulnerabilities	1 Jun 202111:33	–	cvelist
EUVD	EUVD-2021-11231	7 Oct 202500:30	–	euvd
NVD	CVE-2021-24317	1 Jun 202114:15	–	nvd
OSV	CVE-2021-24317	1 Jun 202114:15	–	osv
Prion	Cross site scripting	1 Jun 202114:15	–	prion
RedhatCVE	CVE-2021-24317	22 May 202519:21	–	redhatcve
wpexploit	Listeo < 1.6.11 - Multiple XSS & XFS vulnerabilities	16 May 202100:00	–	wpexploit
WPVulnDB	Listeo < 1.6.11 - Multiple XSS & XFS vulnerabilities	16 May 202100:00	–	wpvulndb

NVD

Vulners

Node

purethemes listeoRange<1.6.11wordpress

[
  {
    "product": "Listeo",
    "vendor": "purethemes",
    "versions": [
      {
        "lessThan": "1.6.11",
        "status": "affected",
        "version": "1.6.11",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
m0ze	www.m0ze.ru/vulnerability/%5B2021-02-10%5D-%5BWordPress%5D-%5BCWE-79%5D-Listeo-WordPress-Theme-v1.6.10.txt
wpscan	www.wpscan.com/vulnerability/704d8886-df9e-4217-88d1-a72a71924174

Parameter	Position	Path	Description	CWE
keyword_search	query param	listings/	Unauthenticated Reflected XSS via search query parameters	CWE-79
location_search	query param	listings/	Unauthenticated Reflected XSS via search query parameters	CWE-79
firstname	request body	booking-confirmation/	Authenticated Persistent XSS & XFS in booking confirmation form fields	CWE-79
lastname	request body	booking-confirmation/	Authenticated Persistent XSS & XFS in booking confirmation form fields	CWE-79
email	request body	booking-confirmation/	Authenticated Persistent XSS & XFS in booking confirmation form fields	CWE-79
phone	request body	booking-confirmation/	Authenticated Persistent XSS & XFS in booking confirmation form fields	CWE-79
message	request body	booking-confirmation/	Authenticated Persistent XSS & XFS in booking confirmation form fields	CWE-79
action	request body	wp-admin/admin-ajax.php	Authenticated Persistent XSS & XFS via admin-ajax message endpoint	CWE-79
recipient	request body	wp-admin/admin-ajax.php	Authenticated Persistent XSS & XFS via admin-ajax message endpoint	CWE-79
referral	request body	wp-admin/admin-ajax.php	Authenticated Persistent XSS & XFS via admin-ajax message endpoint	CWE-79

21 Nov 2024 05:52Current

6.1Medium risk

Vulners AI Score6.1

CVSS 24.3

CVSS 3.16.1

EPSS0.0019

CWE-79