What is CVE-2021-24364?

CVE-2021-24364 is a vulnerability in Tielabs Jannah, classified under Cross-site Scripting. Published 2021-06-21.

Is CVE-2021-24364 known to be exploited?

6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

XSS in Tielabs Jannah

CVE-2021-24364

The Jannah WordPress theme before 5.4.4 did not properly sanitize the options JSON parameter in its tie_get_user_weather AJAX action before outputting it back in the page, leading to a Reflected Cross-Site Scripting (XSS) vulnerability.

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.020 (84.0th percentile) — read the EPSS interpretation.

Affected products

Tielabs Jannah — versions 5.4.4

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

Public proof-of-concept exploits

20142995/nuclei-templates
ARPSyndicate/cvemon
ARPSyndicate/kenzer-templates
LvL23HT/Web-Pentest-Cheklist
crpytoscooby/resourses_
salihkiraz/Web-Uygulamasi-Sizma-Testi-Kontrol-Listesi

References

wpscan.com/vulnerability/1d53fbe5-a879-42ca-a9d3-768a80018382 (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2021-24364?: CVE-2021-24364 is a vulnerability in Tielabs Jannah, classified under Cross-site Scripting. Published 2021-06-21.
Is CVE-2021-24364 known to be exploited?: 6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.