exploitDog

GHSA-c847-r6f2-c2wj

Опубликовано: 24 мая 2022

Источник: github

Github: Не прошло ревью

Описание

The Timetable and Event Schedule by MotoPress WordPress plugin before 2.3.19 does not sanitise some of its parameters, which could allow low privilege users such as author to perform XSS attacks against frontend and backend users when viewing the related event/s

The Timetable and Event Schedule by MotoPress WordPress plugin before 2.3.19 does not sanitise some of its parameters, which could allow low privilege users such as author to perform XSS attacks against frontend and backend users when viewing the related event/s

Ссылки

EPSS

Процентиль: 48%

0.00252

Низкий

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2021-24724

CVSS3: 5.4

nvd

больше 4 лет назад

The Timetable and Event Schedule by MotoPress WordPress plugin before 2.3.19 does not sanitise some of its parameters, which could allow low privilege users such as author to perform XSS attacks against frontend and backend users when viewing the related event/s

EPSS

Процентиль: 48%

0.00252

Низкий

CVE ID

Дефекты

CWE-79