CVE-2021-24304 Newsmag < 5.0 - Unauthenticated Reflected Cross-site Scripting (XSS)

2021-08-0910:04:04

CWE-79

WPScan

www.cve.org

0.001 Low

EPSS

Percentile

45.7%

JSON

The Newsmag WordPress theme before 5.0 does not sanitise the td_block_id parameter in its td_ajax_block AJAX action, leading to an unauthenticated Reflected Cross-site Scripting (XSS) vulnerability.

CNA Affected

[
  {
    "product": "Newsmag",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "5.0",
        "status": "affected",
        "version": "5.0",
        "versionType": "custom"
      }
    ]
  }
]

References

wpscan.com/vulnerability/bb71f2f9-76bd-43f4-a8c9-35771dd28dff

0.001 Low

EPSS

Percentile

45.7%

JSON

Related for CVELIST:CVE-2021-24304