CVE-2019-20211 Information

Feb 14, 2021 cve

Description

The CTHthemes CityBook before 2.3.4 TownHub before 1.0.6 and EasyBook before 1.2.2 themes for WordPress allow Persistent XSS via Listing Address Listing Latitude Listing Longitude Email Address Description Name Job or Position Description Service Name Address Latitude Longitude Phone Number or Website.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Reference

https://cxsecurity.com/issue/WLB-2019120110 https://cxsecurity.com/issue/WLB-2019120111 https://cxsecurity.com/issue/WLB-2019120112 https://themeforest.net/item/citybook-directory-listing-wordpress-theme/21694727 https://themeforest.net/item/easybook-directory-listing-wordpress-theme/23206622 https://themeforest.net/item/townhub-directory-listing-wordpress-theme/25019571 https://wpvulndb.com/vulnerabilities/10013 https://wpvulndb.com/vulnerabilities/10014 https://wpvulndb.com/vulnerabilities/10018

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

CHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

NONE

Base Severity

6.1

Share on: