5 matches found
CVE-2024-10878
The Sugar Calendar – Simple Event Management plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 3.3.0. This makes it possible for unauthenticated attacker...
CVE-2024-10878 Sugar Calendar (Lite) <= 3.3.0 - Reflected Cross-Site Scripting
The Sugar Calendar – Simple Event Management plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 3.3.0. This makes it possible for unauthenticated attacker...
CVE-2024-10878 Sugar Calendar (Lite) <= 3.3.0 - Reflected Cross-Site Scripting
The Sugar Calendar – Simple Event Management plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 3.3.0. This makes it possible for unauthenticated attacker...
CVE-2024-10878
CVE-2024-10878 affects the WordPress plugin Sugar Calendar – Lite (Sugar Calendar) up to version 3.3.0 . The vulnerability is a Reflected Cross-Site Scripting (XSS) caused by improper escaping in the URL through the use of add_query_arg and remove_query_arg . This allows unauthenticated attackers...
WordPress Sugar Calendar (Lite) Plugin <= 3.3.0 is vulnerable to Cross Site Scripting (XSS)
Software Sugar Calendar Lite Type Plugin Vulnerable versions = 3.3.0 Fixed in 3.4.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10878 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 8ef7ef64f31f Credits Peter Thaleik...