CVE-2018-16164 – EventCalendar <= 1.1.21 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-16164
Cross-site scripting vulnerability in Event Calendar WD version 1.1.21 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
• https://jvn.jp/en/jp/JVN75738023/index.html
• https://plugins.trac.wordpress.org/changeset/1961423
• https://wordpress.org/plugins/event-calendar-wd/#developers
• https://wpvulndb.com/vulnerabilities/9199
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-2224 – EventCalendar < 1.0.94 - Authenticated Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-2224
Cross-site scripting vulnerability in Event Calendar WD prior to version 1.0.94 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. The EventCalendar plugin for WordPress is vulnerable to Cross-Site Scripting in versions before 1.0.94 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
• http://www.securityfocus.com/bid/99155
• https://jvn.jp/en/jp/JVN73550134/index.html
• https://plugins.trac.wordpress.org/changeset/1671891/#file313
• https://wordpress.org/plugins/event-calendar-wd/#developers
• https://wpvulndb.com/vulnerabilities/8859
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')