CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2016-10763 – CampTix Event Ticketing < 1.5 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2016-10763
18 Aug 2016 — The CampTix Event Ticketing plugin before 1.5 for WordPress allows XSS in the admin section via a ticket title or body. El complemento Campeting Event Ticketing antes de 1.5 para WordPress permite XSS en la sección de administración a través de un título o cuerpo del ticket. • https://hackerone.com/reports/152958 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2016-10762 – CampTix Event Ticketing <= 1.4.2 - CSV Injection
https://notcve.org/view.php?id=CVE-2016-10762
15 Jul 2016 — The CampTix Event Ticketing plugin before 1.5 for WordPress allows CSV injection when the export tool is used. El complemento CampTix Event Ticketing antes de 1.5 para WordPress permite la inyección de CSV cuando se utiliza la herramienta de exportación. The CampTix Event Ticketing plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.4.2. This allows attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are download... • https://hackerone.com/reports/151516 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •