CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

The CampTix Event Ticketing plugin before 1.5 for WordPress allows XSS in the admin section via a ticket title or body.
• https://hackerone.com/reports/152958
• https://wordpress.org/plugins/camptix/#developers
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

The CampTix Event Ticketing plugin before 1.5 for WordPress allows CSV injection when the export tool is used. The CampTix Event Ticketing plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.4.2. This allows attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration.
• https://hackerone.com/reports/151516
• https://wordpress.org/plugins/camptix/#developers
• CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')