exploitDog

CVE-2018-9020

Опубликовано: 26 мар. 2018

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

The Events Manager plugin before 5.8.1.2 for WordPress allows XSS via the events-manager.js mapTitle parameter in the Google Maps miniature.

Ссылки

http://wp-events-plugin.com/blog/2018/01/15/events-manager-5-8-1-2-security-release/
Third Party Advisory
https://wordpress.org/plugins/events-manager/#developers
Third Party Advisory
https://www.gubello.me/blog/events-manager-authenticated-stored-xss/
Exploit
Third Party Advisory
https://www.youtube.com/watch?v=40d7uXl36O4
Third Party Advisory
http://wp-events-plugin.com/blog/2018/01/15/events-manager-5-8-1-2-security-release/
Third Party Advisory
https://wordpress.org/plugins/events-manager/#developers
Third Party Advisory
https://www.gubello.me/blog/events-manager-authenticated-stored-xss/
Exploit
Third Party Advisory
https://www.youtube.com/watch?v=40d7uXl36O4
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:pixelite:events_manager:*:*:*:*:*:wordpress:*:*

Версия до 5.8.1.2 (исключая)

EPSS

Процентиль: 44%

0.00219

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-9jwp-7vxc-w3x4

CVSS3: 5.4

github

больше 3 лет назад

The Events Manager plugin before 5.8.1.2 for WordPress allows XSS via the events-manager.js mapTitle parameter in the Google Maps miniature.

EPSS

Процентиль: 44%

0.00219

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79