3 matches found
WordPress Jannah Theme <5.4.4 - Cross-Site Scripting
WordPress Jannah theme before 5.4.4 contains a reflected cross-site scripting vulnerability. It does not properly sanitize the options JSON parameter in its tiegetuserweather AJAX action before outputting it back in the page. id: CVE-2021-24364 info: name: WordPress Jannah Theme 5.4.4 - Cross-Sit...
CVE-2021-24364
creationtimestamp| type| source ---|---|--- 2023-04-27 09:58:59+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-24364.yaml...
CVE-2021-24364
The CVE-2021-24364 issue affects the WordPress Jannah Theme prior to 5.4.4. Affected component: the tie_get_user_weather AJAX action; the options JSON parameter is not properly sanitized before it is echoed back in the page, leading to a reflected Cross-Site Scripting (XSS) vulnerability. Practic...