BugTraq
Cross-Site Scripting vulnerability in Events Made Easy WordPress plugin Aug 04 2016 05:36PM
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Cross-Site Scripting vulnerability in Events Made Easy WordPress plugin
------------------------------------------------------------------------

Job Diesveld, July 2016

------------------------------------------------------------------------

Abstract
------------------------------------------------------------------------

A Cross-Site Scripting vulnerability has been found in the Events Made
Easy WordPress plugin. By using this issue an attacker can create a
specially crafted event which, when posted to WordPress, injects
malicious JavaScript code into the application. This code will execute
within the browser of any user who views the relevant application
content.

------------------------------------------------------------------------

OVE ID
------------------------------------------------------------------------

OVE-20160729-0001

------------------------------------------------------------------------

Fix
------------------------------------------------------------------------

This issue has been fixed in Events Made Easy plugin version 1.6.21.

------------------------------------------------------------------------

Details
------------------------------------------------------------------------

https://sumofpwn.nl/advisory/2016/cross_site_scripting_vulnerability_in_
events_made_easy_wordpress_plugin.html

------------------------------------------------------------------------

Summer of Pwnage (https://sumofpwn.nl) is a Dutch community project. Its
goal is to contribute to the security of popular, widely used OSS
projects in a fun and educational way.

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus