cve/CVE-2019-16523.md at 7482ec4521a75dd13882dc1283f17009c936e974

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-28 17:22:02 +00:00

0xMarcio ba290685fe Update CVE sources 2024-06-09 00:33

2024-06-09 00:33:16 +00:00

Description

The events-manager plugin through 5.9.5 for WordPress (aka Events Manager) is susceptible to Stored XSS due to improper encoding and insertion of data provided to the attribute map_style of shortcodes (locations_map and events_map) provided by the plugin.

POC

Reference

http://www.openwall.com/lists/oss-security/2019/10/16/4
http://www.openwall.com/lists/oss-security/2019/10/16/4
https://github.com/sbaresearch/advisories/tree/public/2019/SBA-ADV-20190913-03_WordPress_Plugin_Events_Manager
https://github.com/sbaresearch/advisories/tree/public/2019/SBA-ADV-20190913-03_WordPress_Plugin_Events_Manager
https://wpvulndb.com/vulnerabilities/9916
https://wpvulndb.com/vulnerabilities/9916

Github

https://github.com/ARPSyndicate/cvemon
https://github.com/SexyBeast233/SecBooks

1.1 KiB Raw Blame History

CVE-2019-16523

Description

POC

Reference

Github

1.1 KiB

Raw Blame History