The Kieran O'Shea Calendar plugin before 1.3.11 for WordPress has Stored XSS via the event_title parameter in a wp-admin/admin.php?page=calendar add action, or the category name during category creation at the wp-admin/admin.php?page=calendar-categories URI.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://wpvulndb.com/vulnerabilities/9141 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2019-05-13T13:04:19
Updated: 2024-08-05T11:23:08.443Z
Reserved: 2018-10-31T00:00:00
Link: CVE-2018-18872
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-05-13T14:29:00.910
Modified: 2024-11-21T03:56:47.480
Link: CVE-2018-18872
Redhat
No data.