Lucene search
+L

388 matches found

Positive Technologies
Positive Technologies
added 2019/04/12 12:0 a.m.6 views

PT-2019-8926 · WordPress · Events Manager

Name of the Vulnerable Software and Affected Versions: Events Manager plugin version 5.9.4 Description: The issue concerns a cross-site scripting XSS problem. It is exploited via the dbem event reapproved email body parameter to the "wp-admin/edit.php?post type=event&page=events-manager-options"...

4.8CVSS5.3AI score0.01209EPSS
Exploits1References7
OpenVAS
OpenVAS
added 2018/05/16 12:0 a.m.21 views

WordPress Events Manager Plugin < 5.9 XSS Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description scriptoid"1.3.6.1.4.1.25623.1.0.112284";...

5.4CVSS5.5AI score0.01517EPSS
Exploits0References2
OSV
OSV
added 2018/05/14 1:29 p.m.4 views

CVE-2018-0576

Cross-site scripting vulnerability in Events Manager plugin prior to version 5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

5.4CVSS5.9AI score0.01517EPSS
Exploits0References3
Prion
Prion
added 2018/05/14 1:29 p.m.16 views

Cross site scripting

Cross-site scripting vulnerability in Events Manager plugin prior to version 5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

3.5CVSS5.4AI score0.01517EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2018/05/14 1:0 p.m.59 views

CVE-2018-0576

The CVE-2018-0576 issue concerns the WordPress plugin Events Manager (prior to version 5.9). The vulnerability is a cross-site scripting (XSS) flaw that could allow remote attackers to inject arbitrary script or HTML via unspecified vectors, potentially executing in a logged-in user’s browser. Af...

5.4CVSS5.4AI score0.01517EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2018/05/14 1:0 p.m.17 views

CVE-2018-0576

Cross-site scripting vulnerability in Events Manager plugin prior to version 5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

5.4AI score0.01517EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2018/05/14 12:0 a.m.5 views

PT-2018-8934 · WordPress · Events Manager

Name of the Vulnerable Software and Affected Versions: Events Manager plugin versions prior to 5.9 for WordPress Description: The issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, which can lead to cross-site scripting. Recommendations: For versions pri...

5.4CVSS6.8AI score0.01517EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/04/27 5:0 a.m.5 views

WordPress plugin "Events Manager" vulnerable to cross-site scripting

Overview The WordPress plugin "Events Manager" provided by NetWebLogic contains a stored cross-site scripting vulnerability CWE-79. Daichi Takaki of Cryptography Laboratory,Department of Information and Communication Engineering,Tokyo Denki University reported this vulnerability to IPA. JPCERT/CC...

5.4CVSS5.8AI score0.01517EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/04/27 12:0 a.m.58 views

JVN#85531148: WordPress plugin "Events Manager" vulnerable to cross-site scripting

The WordPress plugin "Events Manager" provided by NetWebLogic contains a stored cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on a logged in user's web browser. Solution Update the plugin Update the plugin according to the information provided by the...

5.4CVSS5.2AI score0.01517EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2018/04/27 12:0 a.m.18 views

Events Manager < 5.9 - Authenticated Stored Cross-Site Scripting (XSS)

The Events Manager WordPress plugin was affected by an Authenticated Stored Cross-Site Scripting XSS security vulnerability...

3.5CVSS2AI score0.01517EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2018/04/27 12:0 a.m.7 views

WordPress Events Manager Plugin Cross-Site Scripting Vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress Events Manager plugin prior to version 5.9, which can be exploit...

5.4CVSS6.5AI score0.01517EPSS
Exploits0References1
CNVD
CNVD
added 2018/03/28 12:0 a.m.4 views

WordPress Events Manager Plugin Cross-Site Scripting Vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform using PHP language development, the platform supports in PHP and MySQL servers to set up personal blog sites.Events Manager plugin is used in one of the registration plugin. A cross-site scripting vulnerability exists in th...

5.4CVSS6.3AI score0.01058EPSS
Exploits1References1
Patchstack
Patchstack
added 2018/03/28 12:0 a.m.20 views

WordPress Events Manager plugin <=5.8.1.1 - Unauthenticated Stored XSS vulnerability

Unauthenticated Stored XSS vulnerability found in WordPress Events Manager plugin versions =5.8.1.1. Solution Update the WordPress Events Manager plugin to the latest version at least 5.8.1.2...

5.4CVSS3AI score0.01058EPSS
Exploits1References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2018/03/26 2:29 a.m.2 views

CVE-2018-9020

The Events Manager plugin before 5.8.1.2 for WordPress allows XSS via the events-manager.js mapTitle parameter in the Google Maps miniature...

5.4CVSS5.4AI score0.01058EPSS
Exploits1References8
NVD
NVD
added 2018/03/26 2:29 a.m.20 views

CVE-2018-9020

The Events Manager plugin before 5.8.1.2 for WordPress allows XSS via the events-manager.js mapTitle parameter in the Google Maps miniature...

5.4CVSS5.3AI score0.01058EPSS
Exploits1References4
Prion
Prion
added 2018/03/26 2:29 a.m.13 views

Design/Logic Flaw

The Events Manager plugin before 5.8.1.2 for WordPress allows XSS via the events-manager.js mapTitle parameter in the Google Maps miniature...

3.5CVSS5.2AI score0.01058EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2018/03/26 2:29 a.m.4 views

CVE-2018-9020

The Events Manager plugin before 5.8.1.2 for WordPress allows XSS via the events-manager.js mapTitle parameter in the Google Maps miniature...

5.4CVSS5.8AI score0.01058EPSS
Exploits1References4
Cvelist
Cvelist
added 2018/03/26 2:0 a.m.26 views

CVE-2018-9020

The Events Manager plugin before 5.8.1.2 for WordPress allows XSS via the events-manager.js mapTitle parameter in the Google Maps miniature...

5.3AI score0.01058EPSS
Exploits1References4
CVE
CVE
added 2018/03/26 2:0 a.m.41 views

CVE-2018-9020

The CVE-2018-9020 entry concerns the WordPress Events Manager plugin (pre-5.8.1.2). Concrete detail: an XSS vulnerability arises via the events-manager.js mapTitle parameter in the Google Maps miniature, due to lack of proper escaping. This affects the Events Manager plugin for WordPress; exploit...

5.4CVSS5.2AI score0.01058EPSS
Exploits1References4Affected Software1
WPVulnDB
WPVulnDB
added 2018/03/26 12:0 a.m.16 views

Events Manager <= 5.8.1.1 - Unauthenticated Stored XSS

An unauthenticated user or a user without privileges, who can submit an event, can inject javascript code in the Google Maps miniature. The malicious code runs in the admin panel when a user with privileges opens the submitted event. The problem is in the file events-manager.js, the variable...

3.5CVSS4AI score0.01058EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder