wpexploit | iohex | WPEX-ID:69351798-C790-42D4-9485-1813CD325769
History: Nov 16, 2021 - 12:00 a.m.

SportsPress < 2.7.9 - Reflected Cross-Site Scripting


EPSS: 0.001 (Low), Percentile: 40.2%

The plugin does not sanitise and escape its match_day parameter before outputting it back in the Events backend page, leading to a Reflected Cross-Site Scripting issue.

https://example.com/wp-admin/edit.php?post_type=sp_event&match_day=%22%3E%3Csvg%2Fonload%3Dalert%28%2FXSS%2F%29%3B%3E%3C%22
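
As an added example (not part of the original advisory or the plugin's code), the sketch below scans web access-log lines for requests to the Events list screen whose match_day value decodes to HTML metacharacters, and shows that value after output escaping. The log lines are constructed, and the combined-log layout, function names and metacharacter set are assumptions.

```python
import html
from urllib.parse import urlsplit, parse_qs

# Characters that let a reflected value break out of an HTML attribute or tag
# (assumed set; tune to what match_day legitimately contains on your site).
HTML_META = set('<>"\'`')

# Constructed sample request lines (documentation IPs, not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [16/Nov/2021:10:00:01 +0000] "GET /wp-admin/edit.php?post_type=sp_event&match_day=12 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [16/Nov/2021:10:00:07 +0000] "GET /wp-admin/edit.php?post_type=sp_event&match_day=%22%3E%3Csvg%2Fonload%3Dalert%28%2FXSS%2F%29%3B%3E%3C%22 HTTP/1.1" 200 5342',
    '203.0.113.5 - - [16/Nov/2021:10:00:09 +0000] "GET /wp-admin/edit.php?post_type=page&match_day=%3Cb%3E HTTP/1.1" 200 4100',
]

def suspicious_match_day(request_target):
    """Return the decoded match_day value if it carries HTML metacharacters
    on the sp_event list screen, else None."""
    parts = urlsplit(request_target)
    if not parts.path.endswith("/wp-admin/edit.php"):
        return None
    params = parse_qs(parts.query, keep_blank_values=True)  # percent-decodes values
    if "sp_event" not in params.get("post_type", []):
        return None
    for value in params.get("match_day", []):
        if HTML_META & set(value):
            return value
    return None

def scan(lines):
    """Return (client_ip, decoded_value, escaped_value) for each flagged line."""
    hits = []
    for line in lines:
        try:
            request = line.split('"')[1]      # 'GET /path?query HTTP/1.1'
            target = request.split(" ")[1]
        except IndexError:
            continue                          # malformed line, skip it
        value = suspicious_match_day(target)
        if value is not None:
            # html.escape mirrors what output escaping does to the reflected value.
            hits.append((line.split(" ", 1)[0], value, html.escape(value, quote=True)))
    return hits

if __name__ == "__main__":
    for ip, raw, escaped in scan(SAMPLE_LOG):
        print(ip, "raw:", raw, "escaped:", escaped)
```
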
