CVE-2021-24304

CVE-2021-24304: Newsmag < 5.0 - Unauthenticated Reflected Cross-site Scripting (XSS)

Vendor Unknown
Product Newsmag
Weakness CWE-79 · XSS
Published August 9, 2021
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The Newsmag WordPress theme before 5.0 does not sanitise the td_block_id parameter in its td_ajax_block AJAX action, leading to an unauthenticated Reflected Cross-site Scripting (XSS) vulnerability.

Key dates

02Disclosure timeline

August 9, 2021 CVE published
August 3, 2024 Record updated