WordPress Event Manager Cross Site Scripting

Credit: Luigi Gubello
Risk: Low
Local: Yes
Remote: No

CVSS Base Score: 3.5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 6.8/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Single time
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

Hi,

In January I found a stored XSS in Events Manager - WP plugin (100,000+ downloads).

CVE: 2018-9020

An unauthenticated user or a user without privileges, who can submit an event, can inject javascript code in the Google Maps miniature. The malicious code runs in the admin panel when a user with privileges opens the submitted event. The problem is in the file events-manager.js, the variable mapTitle is not escaped.

Links:
https://www.gubello.me/blog/events-manager-authenticated-stored-xss/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9020
http://wp-events-plugin.com/blog/2018/01/15/events-manager-5-8-1-2-security-release/

Sent with [ProtonMail](https://protonmail.com) Secure Email.
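
The class of fix for the flaw reported above, as an added example that is not the plugin's code and not from the reporter: a submitted event title is HTML-escaped before it is concatenated into map markup. Only the variable name `mapTitle` comes from the advisory; the function names, the markup and the sample title are assumptions constructed for illustration.

```javascript
// Added example; not code from events-manager.js. Only the name `mapTitle`
// comes from the advisory. Functions, markup and sample input are hypothetical.

const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Encode the characters that can end an HTML text node or a quoted attribute.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the submitted title is concatenated into markup as-is,
// so any tags it contains are parsed when a privileged user opens the event.
function buildMapTitleUnsafe(mapTitle) {
  return '<div class="map-title" title="' + mapTitle + '">' + mapTitle + '</div>';
}

// Hardened pattern: the title is escaped once, at the point of output, for
// both the attribute and the text position.
function buildMapTitleSafe(mapTitle) {
  const safe = escapeHtml(mapTitle);
  return '<div class="map-title" title="' + safe + '">' + safe + '</div>';
}

// Review helper: count opening tags a browser would parse from the markup.
// Output built from one template should always contain exactly one (<div>).
function countOpeningTags(html) {
  const matches = html.match(/<[a-zA-Z]/g);
  return matches ? matches.length : 0;
}

// Constructed sample: a harmless title that closes the attribute and adds a tag.
const SAMPLE_TITLE = '"><b>injected</b>';

console.log('unsafe tags:', countOpeningTags(buildMapTitleUnsafe(SAMPLE_TITLE)));
console.log('safe tags:  ', countOpeningTags(buildMapTitleSafe(SAMPLE_TITLE)));
console.log(buildMapTitleSafe(SAMPLE_TITLE));
```

In browser code, setting the title with `textContent` and `setAttribute` instead of building an HTML string removes the need for manual escaping.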


Copyright 2018, cxsecurity.com

