CVE-2025-64205
- EPSS 0.17%
- Veröffentlicht 18.12.2025 07:22:11
- Zuletzt bearbeitet 20.01.2026 15:18:43
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in TieLabs Jannah jannah allows PHP Local File Inclusion.This issue affects Jannah: from n/a through <= 7.6.0.
CVE-2025-64206
- EPSS 0.06%
- Veröffentlicht 18.12.2025 07:22:11
- Zuletzt bearbeitet 20.01.2026 15:18:43
Deserialization of Untrusted Data vulnerability in TieLabs Jannah jannah allows Object Injection.This issue affects Jannah: from n/a through <= 7.6.0.
CVE-2025-64207
- EPSS 0.05%
- Veröffentlicht 18.12.2025 07:22:11
- Zuletzt bearbeitet 20.01.2026 15:18:43
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TieLabs Jannah jannah allows DOM-Based XSS.This issue affects Jannah: from n/a through <= 7.6.0.
CVE-2025-53334
- EPSS 0.11%
- Veröffentlicht 28.08.2025 12:37:28
- Zuletzt bearbeitet 29.08.2025 16:24:29
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in TieLabs Jannah allows PHP Local File Inclusion. This issue affects Jannah: from n/a through 7.4.1.
CVE-2021-24407
- EPSS 20.96%
- Veröffentlicht 06.07.2021 11:15:09
- Zuletzt bearbeitet 21.11.2024 05:53:00
The Jannah WordPress theme before 5.4.5 did not properly sanitize the 'query' POST parameter in its tie_ajax_search AJAX action, leading to a Reflected Cross-site Scripting (XSS) vulnerability.
CVE-2021-24364
- EPSS 2.31%
- Veröffentlicht 21.06.2021 20:15:08
- Zuletzt bearbeitet 21.11.2024 05:52:55
The Jannah WordPress theme before 5.4.4 did not properly sanitize the options JSON parameter in its tie_get_user_weather AJAX action before outputting it back in the page, leading to a Reflected Cross-Site Scripting (XSS) vulnerability.