CVE-2021-24157

CVE-2021-24157: Orbit Fox by ThemeIsle < 2.10.3 - Authenticated Stored Cross Site Scripting

Vendor: Unknown
Product: Orbit Fox by ThemeIsle
Weakness: CWE-79 · XSS
Published: April 5, 2021
Last update: August 3, 2024

What the vulnerability does

01 Description

Orbit Fox by ThemeIsle has a feature to add custom scripts to the header and footer of a page or post. There were no checks to verify that a user had the unfiltered_html capability prior to saving the script tags, thus allowing lower-level users to inject scripts that could potentially be malicious.
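The missing check described above, shown as an added example (not code from Orbit Fox or from this record): a WordPress save handler without the capability test, next to one that requires unfiltered_html before storing script markup. The function names, form field, nonce action and meta key are hypothetical placeholders.

```php
<?php
// Added illustration. All identifiers prefixed "example_" are hypothetical
// placeholders, not names taken from the Orbit Fox code base.

// Pattern the description warns about: whoever can submit the post form
// gets their raw markup stored, regardless of role.
function example_save_scripts_unchecked( $post_id ) {
    if ( isset( $_POST['example_header_script'] ) ) {
        update_post_meta( $post_id, '_example_header_script',
            wp_unslash( $_POST['example_header_script'] ) );
    }
}

// Hardened pattern: verify intent, verify edit rights, then require the
// unfiltered_html capability before accepting script tags.
function example_save_scripts_checked( $post_id ) {
    if ( defined( 'DOING_AUTOSAVE' ) && DOING_AUTOSAVE ) {
        return;
    }
    if ( wp_is_post_revision( $post_id ) ) {
        return;
    }
    // CSRF check: the nonce must come from the editor form for this action.
    if ( ! isset( $_POST['example_scripts_nonce'] )
        || ! wp_verify_nonce( sanitize_key( $_POST['example_scripts_nonce'] ),
            'example_save_scripts' ) ) {
        return;
    }
    if ( ! current_user_can( 'edit_post', $post_id ) ) {
        return;
    }
    // The check the description says was absent. By default only editors and
    // administrators hold unfiltered_html on a single site, and only super
    // admins on multisite, so authors and contributors stop here and any
    // previously stored value is left untouched.
    if ( ! current_user_can( 'unfiltered_html' ) ) {
        return;
    }
    if ( isset( $_POST['example_header_script'] ) ) {
        update_post_meta( $post_id, '_example_header_script',
            wp_unslash( $_POST['example_header_script'] ) );
    }
}
add_action( 'save_post', 'example_save_scripts_checked' );
```

When reviewing a plugin for this class of bug, look for every code path that writes the field (REST routes and AJAX actions as well as save_post) and confirm each one performs the same capability check.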

Key dates

02 Disclosure timeline

April 5, 2021: CVE published
August 3, 2024: Record updated