CVE-2021-24364

CVE-2021-24364: Jannah < 5.4.4 - Reflected Cross-Site Scripting (XSS)

Vendor Tielabs
Product Jannah
Weakness CWE-79 · XSS
Published June 21, 2021
Last update August 3, 2024
View on NVD All CVEs

CVSS base score

What the vulnerability does

01Description

The Jannah WordPress theme before 5.4.4 did not properly sanitize the options JSON parameter in its tie_get_user_weather AJAX action before outputting it back in the page, leading to a Reflected Cross-Site Scripting (XSS) vulnerability.

Key dates

02Disclosure timeline

June 21, 2021 CVE published
August 3, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-7869 123.chat - Video Chat <= 1.3.1 - Unauthenticated Stored Cross-Site Scripting CVE-2024-33946 WordPress WPify Woo Czech plugin <= 4.0.10 - Cross Site Scripting (XSS) vulnerability CVE-2026-0741 Electric Studio Download Counter <= 2.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings Parameters CVE-2022-45087 Cross-site Scripting in Smartpower Web CVE-2022-38189 There is a stored cross-site scripting (XSS) vulnerability in ArcGIS API for JavaScript.