2 matches found
CVE-2021-24319
The Bello - Directory & Listing WordPress theme before 1.6.0 did not properly sanitise its postexcerpt parameter before outputting it back in the shop/my-account/bello-listing-endpoint/ page, leading to a Cross-Site Scripting issue...
CVE-2021-24319
The affected product is the Bello WordPress theme (before version 1.6.0). The vulnerability (CVE-2021-24319) is an authenticated Cross-Site Scripting (XSS) in the shop/my-account/bello-listing-endpoint/ page caused by improper sanitization of the post_excerpt parameter before output. Exploitation...