Lucene search
WPScanCVELIST:CVE-2021-24320HistoryJun 01, 2021 - 11:33 a.m.
CVE-2021-24320 Bello < 1.6.0 - Unauthenticated Reflected XSS & XFS
2021-06-0111:33:30
CWE-79
WPScan
www.cve.org
3
wordpress
xss
security issue
bello theme
EPSS
0.001
Percentile
46.9%
The Bello - Directory & Listing WordPress theme before 1.6.0 did not properly sanitise and escape its listing_list_view, bt_bb_listing_field_my_lat, bt_bb_listing_field_my_lng, bt_bb_listing_field_distance_value, bt_bb_listing_field_my_lat_default, bt_bb_listing_field_keyword, bt_bb_listing_field_location_autocomplete, bt_bb_listing_field_price_range_from and bt_bb_listing_field_price_range_to parameter in ints listing page, leading to reflected Cross-Site Scripting issues.
CNA Affected
[
{
"product": "Bello - Directory & Listing",
"vendor": "BoldThemes",
"versions": [
{
"lessThan": "1.6.0",
"status": "affected",
"version": "1.6.0",
"versionType": "custom"
}
]
}
]Related
nvd
nvd
CVE-2021-24320
2021-06-01 14:15:09
nuclei
nuclei
WordPress Bello Directory & Listing Theme <1.6.0 - Cross-Site Scripting
2021-07-15 03:38:35
wpexploit
wpexploit
Bello < 1.6.0 - Unauthenticated Reflected XSS & XFS
2021-05-16 00:00:00
prion
prion
Cross site scripting
2021-06-01 14:15:00
patchstack
patchstack
wpvulndb
wpvulndb
Bello < 1.6.0 - Unauthenticated Reflected XSS & XFS
2021-05-16 00:00:00
cve
cve
CVE-2021-24320
2021-06-01 14:15:09