Lucene search
K

5 matches found

OSV
OSV
added 2024/11/26 6:15 p.m.4 views

CVE-2024-10878

The Sugar Calendar – Simple Event Management plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 3.3.0. This makes it possible for unauthenticated attacker...

6.1CVSS7.4AI score0.00443EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/11/26 5:32 p.m.25 views

CVE-2024-10878 Sugar Calendar (Lite) <= 3.3.0 - Reflected Cross-Site Scripting

The Sugar Calendar – Simple Event Management plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 3.3.0. This makes it possible for unauthenticated attacker...

6.1CVSS6.4AI score0.00443EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/11/26 5:32 p.m.17 views

CVE-2024-10878 Sugar Calendar (Lite) <= 3.3.0 - Reflected Cross-Site Scripting

The Sugar Calendar – Simple Event Management plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 3.3.0. This makes it possible for unauthenticated attacker...

6.1CVSS0.00443EPSS
Exploits0References3
CVE
CVE
added 2024/11/26 5:32 p.m.60 views

CVE-2024-10878

CVE-2024-10878 affects the WordPress plugin Sugar Calendar – Lite (Sugar Calendar) up to version 3.3.0 . The vulnerability is a Reflected Cross-Site Scripting (XSS) caused by improper escaping in the URL through the use of add_query_arg and remove_query_arg . This allows unauthenticated attackers...

6.1CVSS6AI score0.00443EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/11/26 12:0 a.m.19 views

WordPress Sugar Calendar (Lite) Plugin <= 3.3.0 is vulnerable to Cross Site Scripting (XSS)

Software Sugar Calendar Lite Type Plugin Vulnerable versions = 3.3.0 Fixed in 3.4.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10878 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 8ef7ef64f31f Credits Peter Thaleik...

6.1CVSS5.7AI score0.00443EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder