The Goto WordPress theme before 2.0 does not sanitise the keywords and start_date GET parameter on its Tour List page, leading to an unauthenticated reflected Cross-Site Scripting issue.
References
Link | Resource |
---|---|
https://m0ze.ru/vulnerability/%5B2021-02-10%5D-%5BWordPress%5D-%5BCWE-79%5D-Goto-WordPress-Theme-v1.9.txt | |
https://wpscan.com/vulnerability/eece90aa-582b-4c49-8b7c-14027f9df139 | Exploit Third Party Advisory |
Configurations
History
07 Nov 2023, 03:31
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2021-04-22 21:15
Updated : 2024-02-28 18:28
NVD link : CVE-2021-24235
Mitre link : CVE-2021-24235
CVE.ORG link : CVE-2021-24235
JSON object : View
Products Affected
boostifythemes
- goto
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')