Lucene search
WPScanCVELIST:CVE-2021-24234HistoryApr 22, 2021 - 9:00 p.m.
CVE-2021-24234 Ivory Search < 4.6.1 - Reflected Cross Site Scripting (XSS)
2021-04-2221:00:50
CWE-79
WPScan
www.cve.org
4
cve-2021-24234; ivory search; reflected cross site scripting; wordpress plugin
EPSS
0.001
Percentile
37.8%
The Search Forms page of the Ivory Search WordPress lugin before 4.6.1 did not properly sanitise the tab parameter before output it in the page, leading to a reflected Cross-Site Scripting issue when opening a malicious crafted link as a high privilege user. Knowledge of a form id is required to conduct the attack.
CNA Affected
[
{
"product": "Ivory Search – WordPress Search Plugin",
"vendor": "Unknown",
"versions": [
{
"lessThan": "4.6.1",
"status": "affected",
"version": "4.6.1",
"versionType": "custom"
}
]
}
]Related
nvd
nvd
CVE-2021-24234
2021-04-22 21:15:09
prion
prion
Cross site scripting
2021-04-22 21:15:00
wpexploit
wpexploit
Ivory Search < 4.6.1 - Reflected Cross Site Scripting (XSS)
2021-03-30 00:00:00
cve
cve
CVE-2021-24234
2021-04-22 21:15:09
wpvulndb
wpvulndb
Ivory Search < 4.6.1 - Reflected Cross Site Scripting (XSS)
2021-03-30 00:00:00
patchstack
patchstack