CVE-2020-29395 – EventON <= 3.0.5 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2020-29395
The EventON plugin through 3.0.5 for WordPress allows addons/?q= XSS via the search field.

The EventON plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.0.5. This is due to insufficient escaping and sanitization on the q= parameter.

• https://www.exploit-db.com/exploits/49130
• http://packetstormsecurity.com/files/160282/WordPress-EventON-Calendar-3.0.5-Cross-Site-Scripting.html
• https://github.com/mustgundogdu/Research/tree/main/EventON_PLUGIN_XSS
• https://www.myeventon.com/news

• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')