CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 2CVE-2019-16523 – Events Manager <= 5.9.5 - Authenticated Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-16523
The events-manager plugin through 5.9.5 for WordPress (aka Events Manager) is susceptible to Stored XSS due to improper encoding and insertion of data provided to the attribute map_style of shortcodes (locations_map and events_map) provided by the plugin. El plugin events-manager versiones hasta 5.9.5 para WordPress (también se conoce como Events Manager), es susceptible a una vulnerabilidad de tipo XSS almacenado debido a la codificación e inserción inapropiada de los datos proporcionados en el atributo map_style de los shortcodes (locations_map y events_map) proporcionados por el plugin. • http://www.openwall.com/lists/oss-security/2019/10/16/4 https://github.com/sbaresearch/advisories/tree/public/2019/SBA-ADV-20190913-03_WordPress_Plugin_Events_Manager https://wordpress.org/plugins/events-manager/#developers https://wpvulndb.com/vulnerabilities/9916 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 2CVE-2018-13137 – Events Manager <= 5.9.4 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-13137
The Events Manager plugin 5.9.4 for WordPress has XSS via the dbem_event_reapproved_email_body parameter to the wp-admin/edit.php?post_type=event&page=events-manager-options URI. La versión 5.9.4 del plugin Events Manager para WordPress es vulnerable a XSS a través del parámetro dbem_event_reapproved_email_body a la URI wp-admin/edit.php?post_type=event&page=events-manager-options. • https://ansawaf.blogspot.com/2019/04/cve-2018-13137-xss-in-events-manager.html https://gist.github.com/ansarisec/12737c207c0851d52865ed60c08891b7 https://wordpress.org/plugins/events-manager/#developers https://wpvulndb.com/vulnerabilities/9612 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •