3 matches found
CVE-2021-24237
creationtimestamp| type| source ---|---|--- 2023-04-27 09:58:59+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-24237.yaml...
CVE-2021-24237 Realteo < 1.2.4 - Unauthenticated Reflected Cross-Site Scripting (XSS)
The Realteo WordPress plugin before 1.2.4, used by the Findeo Theme, did not properly sanitise the keywordsearch, searchradius. bedrooms and bathrooms GET parameters before outputting them in its properties page, leading to an unauthenticated reflected Cross-Site Scripting issue...
CVE-2021-24237
The Realteo WordPress plugin (= 1.2.4. Public references include NVD/CWE reports and nuclei templates documenting the XSS, with PoC payloads existing in public exploits. Exploit status in the connected docs is evidenced by multiple sources indicating unauthenticated XSS. No MITRE ATT&CK mappings ...