9 matches found
EUVD-2020-16502
Malware in sbrugna...
WordPress Larsens Calender plugin cross-site scripting vulnerability
WordPress Larsens Calender is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in WordPress Larsens Calender plugin version 1.2 and earlier versions, which can be exploited by remote attackers to execute arbitrary web scripts via the "Eintrage hinzufuge...
CVE-2020-23762
Cross Site Scripting XSS vulnerability in the Larsens Calender plugin Version = 1.2 for WordPress allows remote attackers to execute arbitrary web script via the "titel" column on the "Eintrage hinzufugen" tab...
CVE-2020-23762
Cross Site Scripting XSS vulnerability in the Larsens Calender plugin Version = 1.2 for WordPress allows remote attackers to execute arbitrary web script via the "titel" column on the "Eintrage hinzufugen" tab...
CVE-2020-23762
The CVE-2020-23762 entry concerns the WordPress plugin Larsens Calender (versions
WordPress 插件 跨站脚本漏洞
WordPress Larsens Calender is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in WordPress Larsens Calender plugin version 1.2 and earlier versions, which can be exploited by remote attackers to execute arbitrary web scripts via the "Eintrage hinzufuge...
Larsens Calender <= 1.2 - Stored Cross-Site Scripting (XSS)
The plugin does not sanitise or encode the Title of the calendar entries when outputting them in the admin dashboard, leading to Stored XSS issue. Due to the lack of CSRF check, this can be exploited by a CSRF attack, making logged in administrators create malicious entries The PoC will be...
Larsens Calender <= 1.2 - Stored Cross-Site Scripting (XSS)
The plugin does not sanitise or encode the Title of the calendar entries when outputting them in the admin dashboard, leading to Stored XSS issue. Due to the lack of CSRF check, this can be exploited by a CSRF attack, making logged in administrators create malicious entries PoC The PoC will be...
WordPress Larsens Calender plugin <= 1.2 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting XSS vulnerability discovered by TH3 HIDD3N 0N3 in WordPress Larsens Calender plugin versions = 1.2. Solution This plugin has been closed as of April 12, 2021 and is not available for download. This closure is temporary, pending a full review...