Show filters
1 Total Results
Displaying 1-1 of 1
Sort by:
Attacker Value
Unknown

CVE-2023-7170

Disclosure Date: January 22, 2024 (last updated January 27, 2024)
The EventON-RSVP WordPress plugin before 2.9.5 does not sanitise and escape some parameters before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0