Source: wpexploit
Author: Jinson Varghese Behanan
WPEX-ID: ECC620BE-8E29-4860-9D32-86B5814A3835
Published: Mar 30, 2021

Ivory Search < 4.6.1 - Reflected Cross Site Scripting (XSS)

Tags: ivory search, version 4.6.1, reflected cross site scripting, xss, admin page, security exploit

EPSS: 0.001 (percentile 37.8%)

The Search Forms page of the plugin did not properly sanitise the tab parameter before outputting it in the page, leading to a reflected Cross-Site Scripting issue when a high-privilege user opens a maliciously crafted link. Knowledge of a form id is required to conduct the attack.

https://example.com/wp-admin/admin.php?page=ivory-search&post=<form-id>&action=edit&tab=excludes%22%3E%3Cimg+src+onerror%3Dalert%28%2FXSS%2F%29%3E
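The proof-of-concept link above breaks out of an attribute value because the tab name is reflected unescaped. The following is a constructed illustration, not Ivory Search's own code: a vulnerable tab-link renderer beside a hardened version that validates the parameter against an allowlist and escapes for the output context. Only the "excludes" tab name appears on this page; the other tab names, the function names and the form-id handling are assumptions.

```php
<?php
// Constructed example (not the plugin's code): an admin tab switcher that
// reflects the "tab" query parameter into the page markup.

// Vulnerable pattern: the raw parameter is echoed inside an href attribute
// and as link text, so a value that starts with  excludes">  closes the
// attribute and the rest of the value is rendered as markup by the browser.
function render_tab_link_vulnerable( $form_id ) {
    $tab = isset( $_GET['tab'] ) ? $_GET['tab'] : 'includes';
    return '<a class="nav-tab" href="admin.php?page=ivory-search&post='
        . $form_id . '&action=edit&tab=' . $tab . '">' . $tab . '</a>';
}

// Hardened pattern: normalise the parameter, accept only the fixed set of
// tab names the page actually has (hypothetical list below), fall back to
// the default tab otherwise, and escape at output for each context
// (esc_url for the href, esc_html for the text node).
function render_tab_link_hardened( $form_id ) {
    $allowed = array( 'includes', 'excludes', 'options', 'customize' ); // assumed tab names
    $tab     = isset( $_GET['tab'] ) ? sanitize_key( wp_unslash( $_GET['tab'] ) ) : 'includes';
    if ( ! in_array( $tab, $allowed, true ) ) {
        $tab = 'includes'; // unknown value is never reflected
    }
    $url = add_query_arg(
        array(
            'page'   => 'ivory-search',
            'post'   => absint( $form_id ),
            'action' => 'edit',
            'tab'    => $tab,
        ),
        admin_url( 'admin.php' )
    );
    return '<a class="nav-tab" href="' . esc_url( $url ) . '">' . esc_html( $tab ) . '</a>';
}
```

With the hardened version, the payload from the proof-of-concept is reduced by sanitize_key to a lowercase token that fails the allowlist check, so the page renders the default tab link instead of the injected markup.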

