wpexploit | Rishi | WPEX-ID:87605DAA-5410-4FB6-BF6C-79328F8E301A
History: Jun 07, 2020 - 12:00 a.m.

SportsPress < 2.7.2 - Authenticated Stored Cross-Site Scripting

EPSS: 0.001 (Low), percentile 22.9%

Any user with the administrator or League Manager role can store XSS payloads in the custom delimiter setting of events pages. The stored payload then executes on all events pages on the website.

Video PoC: https://youtu.be/J8QZ8S6CiS8
