Update CVE-2021-24364.yaml

patch-1
PikPikcU 2021-09-15 12:03:20 +07:00 committed by GitHub
parent 936ec94e23
commit 9cf31a5078
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions

View File

@ -4,7 +4,7 @@ info:
name: Jannah < 5.4.4 (XSS)
author: pikpikcu
severity: medium
description: he Jannah WordPress theme before 5.4.4 did not properly sanitize the options JSON parameter in its tie_get_user_weather AJAX action before outputting it back in the page, leading to a Reflected Cross-Site Scripting (XSS) vulnerability.
description: The Jannah WordPress theme before 5.4.4 did not properly sanitize the options JSON parameter in its tie_get_user_weather AJAX action before outputting it back in the page, leading to a Reflected Cross-Site Scripting (XSS) vulnerability.
reference:
- https://wpscan.com/vulnerability/1d53fbe5-a879-42ca-a9d3-768a80018382
- https://nvd.nist.gov/vuln/detail/CVE-2021-24364