What is CVE-2021-24407?

CVE-2021-24407 is a vulnerability in Tielabs Jannah, classified under Cross-site Scripting. Published 2021-07-06.

Is CVE-2021-24407 known to be exploited?

4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

XSS in Tielabs Jannah

CVE-2021-24407

The Jannah WordPress theme before 5.4.5 did not properly sanitize the 'query' POST parameter in its tie_ajax_search AJAX action, leading to a Reflected Cross-site Scripting (XSS) vulnerability.

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.210 (95.8th percentile) — read the EPSS interpretation.

Affected products

Tielabs Jannah — versions 5.4.5

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

Public proof-of-concept exploits

20142995/nuclei-templates
ARPSyndicate/cve-scores
ARPSyndicate/cvemon
ARPSyndicate/kenzer-templates

References

wpscan.com/vulnerability/fba9f010-1202-4eea-a6f5-78865c084153 (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2021-24407?: CVE-2021-24407 is a vulnerability in Tielabs Jannah, classified under Cross-site Scripting. Published 2021-07-06.
Is CVE-2021-24407 known to be exploited?: 4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.