WordPress Event Manager 5.8.1.1 Cross Site Scripting

2018.03.27
Credit: Luigi Gubello
Risk: Low
Local: Yes
Remote: No
CWE: CWE-79


CVSS Base Score: 3.5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 6.8/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Single time
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

Hi, In January I found a stored XSS in Events Manager 5.8.1.1 - WP plugin (100,000+ downloads). CVE: 2018-9020 An unauthenticated user or a user without privileges, who can submit an event, can inject javascript code in the Google Maps miniature. The malicious code runs in the admin panel when a user with privileges opens the submitted event. The problem is in the file events-manager.js, the variable mapTitle is not escaped. Links: https://www.gubello.me/blog/events-manager-authenticated-stored-xss/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9020 http://wp-events-plugin.com/blog/2018/01/15/events-manager-5-8-1-2-security-release/ Sent with [ProtonMail](https://protonmail.com) Secure Email.


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018, cxsecurity.com

 

Back to Top