PT-2019-14685 · WordPress · Events Manager
Tobias Fink
·
Publicado
2019-10-16
·
Atualizado
2024-10-08
·
CVE-2019-16523
CVSS v3.1
5.4
Média
| Vetor | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Events Manager plugin versions through 5.9.5
Description
The issue arises from improper encoding and insertion of data provided to the
map style attribute of shortcodes, specifically locations map and events map, leading to Stored XSS.Recommendations
For versions through 5.9.5, update to a version that contains a fix for this issue to prevent exploitation.
Exploit
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Events Manager