The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Persistent XSS via the chat widget/page message form.
References
Link | Resource |
---|---|
https://cxsecurity.com/issue/WLB-2019120110 | Exploit Third Party Advisory |
https://cxsecurity.com/issue/WLB-2019120111 | Exploit Third Party Advisory |
https://cxsecurity.com/issue/WLB-2019120112 | Exploit Third Party Advisory |
https://themeforest.net/item/citybook-directory-listing-wordpress-theme/21694727 | Third Party Advisory |
https://themeforest.net/item/easybook-directory-listing-wordpress-theme/23206622 | Third Party Advisory |
https://themeforest.net/item/townhub-directory-listing-wordpress-theme/25019571 | Third Party Advisory |
https://wpvulndb.com/vulnerabilities/10013 | Third Party Advisory |
https://wpvulndb.com/vulnerabilities/10014 | Third Party Advisory |
https://wpvulndb.com/vulnerabilities/10018 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2020-01-13 18:15
Updated : 2024-02-28 17:28
NVD link : CVE-2019-20212
Mitre link : CVE-2019-20212
CVE.ORG link : CVE-2019-20212
JSON object : View
Products Affected
cththemes
- citybook
- easybook
- townhub
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')