Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbLuigiWPVDB-ID:E7C38907-2D2F-41B4-A58B-F1225AA4C4EB
HistoryMar 26, 2018 - 12:00 a.m.

Events Manager <= 5.8.1.1 - Unauthenticated Stored XSS

2018-03-2600:00:00
Luigi
wpscan.com
10

EPSS

0.001

Percentile

49.2%

JSON

An unauthenticated user or a user without privileges, who can submit an event, can inject javascript code in the Google Maps miniature. The malicious code runs in the admin panel when a user with privileges opens the submitted event. The problem is in the file events-manager.js, the variable mapTitle is not escaped. 15/01/2018 – Events Manager is updated to version 5.8.1.2 and the vulnerability is fixed

Related

nvd 1
prion 1
cve 1
patchstack 1
cvelist 1
nvd
nvd
CVE-2018-9020
2018-03-26 02:29:00
prion
prion
Design/Logic Flaw
2018-03-26 02:29:00
cve
cve
CVE-2018-9020
2018-03-26 02:29:00
patchstack
patchstack
WordPress Events Manager plugin <=5.8.1.1 - Unauthenticated Stored XSS vulnerability
2018-03-28 00:00:00
cvelist
cvelist
CVE-2018-9020
2018-03-26 02:00:00

EPSS

0.001

Percentile

49.2%

JSON
Related for WPVDB-ID:E7C38907-2D2F-41B4-A58B-F1225AA4C4EB
nvd1prion1cve1patchstack1cvelist1