← Zuruck zu CVEs

CVE-2020-26153

MEDIUM

6.1

Beschreibung

A cross-site scripting (XSS) vulnerability in wp-content/plugins/event-espresso-core-reg/admin_pages/messages/templates/ee_msg_admin_overview.template.php in the Event Espresso Core plugin before 4.10.7.p for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter.

CVE Details

CVSS v3.1 Bewertung6.1

SchweregradMEDIUM

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienNONE

BenutzerinteraktionREQUIRED

Veroffentlicht7/13/2021

Zuletzt geandert11/21/2024

Quellenvd

Honeypot-Sichtungen0

Betroffene Produkte

eventespresso:event_espresso

Schwachen (CWE)

CWE-79

Referenzen

https://github.com/eventespresso/event-espresso-core/compare/4.10.6.p...4.10.7.p(cve@mitre.org)

https://labs.nettitude.com/blog/cve-2020-26153-event-espresso-core-cross-site-scripting/(cve@mitre.org)

https://github.com/eventespresso/event-espresso-core/compare/4.10.6.p...4.10.7.p(af854a3a-2127-422b-91ae-364da2661108)

https://labs.nettitude.com/blog/cve-2020-26153-event-espresso-core-cross-site-scripting/(af854a3a-2127-422b-91ae-364da2661108)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.