4.3
CVE-2013-1407
- EPSS 2.06%
- Veröffentlicht 13.05.2014 14:55:08
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginEvents Manager < 5.3.5 & Events Manager Pro < 2.2.9 - Cross-Site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in the Events Manager plugin before 5.3.5 and Events Manager Pro plugin before 2.2.9 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) scope parameter to index.php; (2) user_name, (3) dbem_phone, (4) user_email, or (5) booking_comment parameter to an event with registration enabled; or the (6) _wpnonce parameter to wp-admin/edit.php.
Mögliche Gegenmaßnahme
Events Manager – Calendar, Bookings, Tickets, and more!: Update to version 5.3.5, or a newer patched version
Events Manager Pro: Update to version 2.2.9, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Netweblogic ≫ Events Manager Update- Edition- SwEdition- SwPlatformwordpress Version <= 5.3.4
Netweblogic ≫ Events Manager Version5.3 Update- Edition- SwEdition- SwPlatformwordpress
Netweblogic ≫ Events Manager Version5.3.1 Update- Edition- SwEdition- SwPlatformwordpress
Netweblogic ≫ Events Manager Version5.3.2 Update- Edition- SwEdition- SwPlatformwordpress
Netweblogic ≫ Events Manager Version5.3.2.1 Update- Edition- SwEdition- SwPlatformwordpress
Netweblogic ≫ Events Manager Version5.3.3 Update- Edition- SwEdition- SwPlatformwordpress
Netweblogic ≫ Events Manager Pro Update- Edition- SwEdition- SwPlatformwordpress Version <= 2.2.7
Netweblogic ≫ Events Manager Pro Version2.2 Update- Edition- SwEdition- SwPlatformwordpress
Netweblogic ≫ Events Manager Pro Version2.2.1 Update- Edition- SwEdition- SwPlatformwordpress
Netweblogic ≫ Events Manager Pro Version2.2.2 Update- Edition- SwEdition- SwPlatformwordpress
Netweblogic ≫ Events Manager Pro Version2.2.3 Update- Edition- SwEdition- SwPlatformwordpress
Netweblogic ≫ Events Manager Pro Version2.2.4 Update- Edition- SwEdition- SwPlatformwordpress
Netweblogic ≫ Events Manager Pro Version2.2.5 Update- Edition- SwEdition- SwPlatformwordpress
Netweblogic ≫ Events Manager Pro Version2.2.6 Update- Edition- SwEdition- SwPlatformwordpress
Netweblogic ≫ Events Manager Pro Version2.2.8 Update- Edition- SwEdition- SwPlatformwordpress
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Events Manager – Calendar, Bookings, Tickets, and more!
Version
[*, 5.3.5)
SystemWordPress Plugin
≫
Produkt
Events Manager Pro
Version
[*, 2.2.9)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.06% | 0.788 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
http://archives.neohapsis.com/archives/bugtraq/2013-03/0034.html
http://wp-events-plugin.com/blog/2013/01/22/5-3-5-released-includes-a-security-update
https://www.htbridge.com/advisory/HTB23139
https://www.wordfence.com/threat-intel/vulnerabilities/id/0c4d2829-9f99-4a2d-9bde-476fae2c99a4