2 matches found
CVE-2021-24797 Tickera < 3.4.8.3 - Unauthenticated Stored Cross-Site Scripting
The Tickera WordPress plugin before 3.4.8.3 does not properly sanitise and escape the Name fields of booked Events before outputting them in the Orders admin dashboard, which could allow unauthenticated users to perform Cross-Site Scripting attacks against admins...
CVE-2021-24797
Tickera WordPress plugin before 3.4.8.3 is affected by an unauthenticated stored XSS due to improper sanitisation/escaping of the Name fields in booked Events when displayed in the Orders admin dashboard. This allows an attacker to inject JavaScript that executes in admins’ browsers. Public entri...