Lucene search
K

9 matches found

CNVD
CNVD
added 2021/07/19 12:0 a.m.10 views

WordPress Event Espresso Core Cross-Site Scripting Vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress Event Espresso Core plugin has a security vulnerability, version 4.10.6.p and below allows...

6.1CVSS1.2AI score0.03796EPSS
Exploits2References1
OSV
OSV
added 2021/07/13 11:15 a.m.14 views

CVE-2020-26153

A cross-site scripting XSS vulnerability in wp-content/plugins/event-espresso-core-reg/adminpages/messages/templates/eemsgadminoverview.template.php in the Event Espresso Core plugin before 4.10.7.p for WordPress allows remote attackers to inject arbitrary web script or HTML via the page paramete...

6.1CVSS5.7AI score0.03796EPSS
Exploits2References2
NVD
NVD
added 2021/07/13 11:15 a.m.12 views

CVE-2020-26153

A cross-site scripting XSS vulnerability in wp-content/plugins/event-espresso-core-reg/adminpages/messages/templates/eemsgadminoverview.template.php in the Event Espresso Core plugin before 4.10.7.p for WordPress allows remote attackers to inject arbitrary web script or HTML via the page paramete...

6.1CVSS0.03796EPSS
Exploits2References2
Prion
Prion
added 2021/07/13 11:15 a.m.10 views

Cross site scripting

A cross-site scripting XSS vulnerability in wp-content/plugins/event-espresso-core-reg/adminpages/messages/templates/eemsgadminoverview.template.php in the Event Espresso Core plugin before 4.10.7.p for WordPress allows remote attackers to inject arbitrary web script or HTML via the page paramete...

4.3CVSS6AI score0.03796EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2021/07/13 10:44 a.m.12 views

CVE-2020-26153

A cross-site scripting XSS vulnerability in wp-content/plugins/event-espresso-core-reg/adminpages/messages/templates/eemsgadminoverview.template.php in the Event Espresso Core plugin before 4.10.7.p for WordPress allows remote attackers to inject arbitrary web script or HTML via the page paramete...

6AI score0.03796EPSS
Exploits2References2
CVE
CVE
added 2021/07/13 10:44 a.m.78 views

CVE-2020-26153

Summary: CVE-2020-26153 remains a documented XSS vulnerability affecting the Event Espresso Core-Reg plugin (WordPress) prior to 4.10.7.p. The weakness is in wp-content/plugins/event-espresso-core-reg/admin_pages/messages/templates/ee_msg_admin_overview.template.php, where the page parameter is n...

6.1CVSS5.9AI score0.03796EPSS
Exploits2References2Affected Software1
CNNVD
CNNVD
added 2021/07/13 12:0 a.m.4 views

WordPress 跨站脚本漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress Event Espresso Core plugin has a security vulnerability, version 4.10.6.p and below allows...

6.1CVSS5.9AI score0.03796EPSS
Exploits2References2
wpexploit
wpexploit
added 2021/06/25 12:0 a.m.125 views

Event Espresso Core < 4.10.7.p - Reflected Cross-Site Scripting (XSS)

The adminpages/messages/templates/eemsgadminoverview.template.php file of the plugin did not escape user input before outputting back in an attribute in the page, leading to a reflected Cross-Site Scripting issue...

6.1CVSS0.1AI score0.03796EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2021/06/25 12:0 a.m.17 views

Event Espresso Core < 4.10.7.p - Reflected Cross-Site Scripting (XSS)

The adminpages/messages/templates/eemsgadminoverview.template.php file of the plugin did not escape user input before outputting back in an attribute in the page, leading to a reflected Cross-Site Scripting issue PoC...

6.1CVSS0.03796EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder