Full Disclosure mailing list archives
Cross-Site Scripting vulnerability in Events Made Easy WordPress plugin
From: Summer of Pwnage <lists () securify nl>
Date: Thu, 4 Aug 2016 19:36:01 +0200
------------------------------------------------------------------------ Cross-Site Scripting vulnerability in Events Made Easy WordPress plugin ------------------------------------------------------------------------ Job Diesveld, July 2016 ------------------------------------------------------------------------ Abstract ------------------------------------------------------------------------ A Cross-Site Scripting vulnerability has been found in the Events Made Easy WordPress plugin. By using this issue an attacker can create a specially crafted event which, when posted to WordPress, injects malicious JavaScript code into the application. This code will execute within the browser of any user who views the relevant application content. ------------------------------------------------------------------------ OVE ID ------------------------------------------------------------------------ OVE-20160729-0001 ------------------------------------------------------------------------ Fix ------------------------------------------------------------------------ This issue has been fixed in Events Made Easy plugin version 1.6.21. ------------------------------------------------------------------------ Details ------------------------------------------------------------------------ https://sumofpwn.nl/advisory/2016/cross_site_scripting_vulnerability_in_events_made_easy_wordpress_plugin.html ------------------------------------------------------------------------ Summer of Pwnage (https://sumofpwn.nl) is a Dutch community project. Its goal is to contribute to the security of popular, widely used OSS projects in a fun and educational way. _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- Cross-Site Scripting vulnerability in Events Made Easy WordPress plugin Summer of Pwnage (Aug 04)