CVE-2021-24387

🗓️ 06 Jul 2021 11:03:29Reported by WPScanType

cve🔗 web.nvd.nist.gov👁 70 Views🌐 WEB

The WP Pro Real Estate 7 WordPress theme before 3.1.1 allows reflected XSS via ct_community parameter

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2021-24387	27 Apr 202309:58	–	circl
CNNVD	WordPress 插件跨站脚本漏洞	6 Jul 202100:00	–	cnnvd
CNVD	WordPress WP Pro Real Estate 7 Plugin Cross-Site Scripting Vulnerability	7 Jul 202100:00	–	cnvd
Cvelist	CVE-2021-24387 Real Estate 7 < 3.1.1 - Reflected Cross-Site Scripting (XSS)	6 Jul 202111:03	–	cvelist
Nuclei	WordPress Pro Real Estate 7 Theme <3.1.1 - Cross-Site Scripting	6 Jun 202603:01	–	nuclei
NVD	CVE-2021-24387	6 Jul 202111:15	–	nvd
Prion	Cross site scripting	6 Jul 202111:15	–	prion
RedhatCVE	CVE-2021-24387	22 May 202519:21	–	redhatcve
wpexploit	Real Estate 7 < 3.1.1 - Reflected Cross-Site Scripting (XSS)	10 Jun 202100:00	–	wpexploit
WPVulnDB	Real Estate 7 < 3.1.1 - Reflected Cross-Site Scripting (XSS)	10 Jun 202100:00	–	wpvulndb

NVD

Vulners

Node

contempothemes real_estate_7Range<3.1.1wordpress

[
  {
    "product": "WP Pro Real Estate 7",
    "vendor": "Contempoinc",
    "versions": [
      {
        "lessThan": "3.1.1",
        "status": "affected",
        "version": "3.1.1",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
contempothemes	www.contempothemes.com/wp-real-estate-7/changelog/
wpscan	www.wpscan.com/vulnerability/27264f30-71d5-4d2b-8f36-4009a2be6745

Parameter	Position	Path	Description	CWE
ct_community	query param	/?ct_mobile_keyword&ct_keyword&ct_city&ct_zipcode&search-listings=true&ct_price_from&ct_price_to&ct_beds_plus&ct_baths_plus&ct_sqft_from&ct_sqft_to&ct_lotsize_from&ct_lotsize_to&ct_year_from&ct_year_to&ct_community=%3Cscript%3Ealert(document.domain);%3C/script%3E&ct_mls=&ct_brokerage=0&lat&lng	Reflected XSS in search listings page via unsanitised ct_community parameter	CWE-79

21 Nov 2024 05:52Current

6.1Medium risk

Vulners AI Score6.1

CVSS 24.3

CVSS 3.16.1

EPSS0.42031

CWE-79