Limited Black Friday Offer:

JNews < 8.0.6 - Reflected Cross-Site Scripting (XSS) CVE-2021-24342 Scanner

Remote attacker can perform a reflected cross site scripting attack (XSS) by injecting malicious payload.

Short Info

Level

Medium

Type

Single Scan

Can be used by

Asset Owner

Estimated Time

10 sec

Scan only one

Domain, Ipv4

Parent Category

JNews < 8.0.6 - Reflected Cross-Site Scripting (XSS) CVE-2021-24342 Scanner Detail

The JNews WordPress theme before 8.0.6 did not sanitise the cat_id parameter in the POST request /?ajax-request=jnews (with action=jnews_build_mega_category_*), leading to a Reflected Cross-Site Scripting (XSS) issue.

https://wpscan.com/vulnerability/415ca763-fe65-48cb-acd3-b375a400217e