CVE-2021-24364
Jannah < 5.4.4 - Reflected Cross-Site Scripting (XSS)
Vexday Risk Score
18Low
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS —EPSS 2.0%KEV nãoPoC —Nuclei simMetasploit —Patch —
Lifecycle
21 Jun 2021Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
The Jannah WordPress theme before 5.4.4 did not properly sanitize the options JSON parameter in its tie_get_user_weather AJAX action before outputting it back in the page, leading to a Reflected Cross-Site Scripting (XSS) vulnerability.
Affected products
TieLabs · JannahWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →