5 matches found
CVE-2023-5238
The EventPrime WordPress plugin before 3.2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to an HTML Injection on the plugin in the search area of the website...
CVE-2023-5238 EventPrime < 3.2.0 - Reflected HTML Injection on keyword parameter
The EventPrime WordPress plugin before 3.2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to an HTML Injection on the plugin in the search area of the website...
CVE-2023-5238 EventPrime < 3.2.0 - Reflected HTML Injection on keyword parameter
The EventPrime WordPress plugin before 3.2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to an HTML Injection on the plugin in the search area of the website...
CVE-2023-5238
The CVE-2023-5238 entry corresponds to the EventPrime WordPress plugin prior to version 3.2.0, where a parameter is not sanitized/escaped before being echoed in the plugin’s search page, causing a reflected HTML injection. Multiple sources (NVD, Red Hat, CVE lists, WPVulndb/PatchStack references)...
WordPress EventPrime Plugin < 3.2.0 is vulnerable to Other Vulnerability Type
Software EventPrime Type Plugin Vulnerable versions 3.2.0 Fixed in 3.2.0 OWASP Top 10 A3: Injection Classification Other Vulnerability Type CVE CVE-2023-5238 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 5e5aac5b95f3 Credits Miguel Santareno Required privilege...