CVE-2021-24407

MEDIUM NUCLEI

Tielabs Jannah < 5.4.5 - XSS

Title source: rule

Description

The Jannah WordPress theme before 5.4.5 did not properly sanitize the 'query' POST parameter in its tie_ajax_search AJAX action, leading to a Reflected Cross-site Scripting (XSS) vulnerability.

Nuclei Templates (1)

WordPress Jannah Theme <5.4.5 - Cross-Site Scripting

MEDIUMby pikpikcu

References (1)

[Exploit, Vendor Advisory] https://wpscan.com/vulnerability/fba9f010-1202-4eea-a6f5-78865c084153

Scores

CVSS v3 6.1

EPSS 0.2096

EPSS Percentile 95.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

tielabs/jannah < 5.4.5

Published Jul 06, 2021

Tracked Since Feb 18, 2026