Limited Black Friday Offer:

Goto - Tour & Travel < 2.0 - Reflected Cross-Site Scripting (XSS) CVE-2021-24235 Scanner

Remote attacker can perform a reflected cross site scripting attack (XSS) by injecting malicious payload.

Short Info

Level

Medium

Type

Single Scan

Can be used by

Asset Owner

Estimated Time

10 sec

Scan only one

Url

Parent Category

Goto - Tour & Travel < 2.0 - Reflected Cross-Site Scripting (XSS) CVE-2021-24235 Scanner Detail

The Goto WordPress theme before 2.0 does not sanitise the keywords and start_date GET parameter on its Tour List page, leading to an unauthenticated reflected Cross-Site Scripting issue.

https://m0ze.ru/vulnerability/[2021-02-10]-[WordPress]-[CWE-79]-Goto-WordPress-Theme-v1.9.txt
https://wpscan.com/vulnerability/eece90aa-582b-4c49-8b7c-14027f9df139