Vulnerabilities > CVE-2021-24342 - Unspecified vulnerability in Jnews
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
LOW Integrity impact
LOW Availability impact
NONE Summary
The JNews WordPress theme before 8.0.6 did not sanitise the cat_id parameter in the POST request /?ajax-request=jnews (with action=jnews_build_mega_category_*), leading to a Reflected Cross-Site Scripting (XSS) issue.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |