Lucene search
IohexWPEX-ID:69351798-C790-42D4-9485-1813CD325769HistoryNov 16, 2021 - 12:00 a.m.
SportsPress < 2.7.9 - Reflected Cross-Site Scripting
2021-11-1600:00:00
iohex
73
0.001 Low
EPSS
Percentile
40.2%
The plugin does not sanitise and escape its match_day parameter before outputting back in the Events backend page, leading to a Reflected Cross-Site Scripting issue
https://example.com/wp-admin/edit.php?post_type=sp_event&match_day=%22%3E%3Csvg%2Fonload%3Dalert%28%2FXSS%2F%29%3B%3E%3C%22Related
cnvd
cnvd
nvd
nvd
CVE-2021-24578
2021-12-21 09:15:06
prion
prion
Cross site scripting
2021-12-21 09:15:00
wpvulndb
wpvulndb
SportsPress < 2.7.9 - Reflected Cross-Site Scripting
2021-11-16 00:00:00
cvelist
cvelist
CVE-2021-24578 SportsPress < 2.7.9 - Reflected Cross-Site Scripting
2021-12-21 08:45:25
patchstack
patchstack
cve
cve
CVE-2021-24578
2021-12-21 09:15:06