CVE-2020-9459 — Cross-site Scripting in Modern Events Calendar Lite
Severity
5.4MEDIUMNVD
EPSS
0.2%
top 59.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedFeb 28
Latest updateMay 24
Description
Multiple Stored Cross-site scripting (XSS) vulnerabilities in the Webnus Modern Events Calendar Lite plugin through 5.1.6 for WordPress allows remote authenticated users (with minimal permissions) to inject arbitrary JavaScript, HTML, or CSS via Ajax actions. This affects mec_save_notifications and import_settings.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7
Affected Packages1 packages
🔴Vulnerability Details
3GHSA▶
GHSA-r5jc-c3q5-cv3r: Multiple Stored Cross-site scripting (XSS) vulnerabilities in the Webnus Modern Events Calendar Lite plugin through 5↗2022-05-24
CVEList▶
CVE-2020-9459: Multiple Stored Cross-site scripting (XSS) vulnerabilities in the Webnus Modern Events Calendar Lite plugin through 5↗2020-02-28
VulnCheck▶
webnus modern_events_calendar_lite Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')↗2020
💬Community
1Bugzilla▶
CVE-2018-11751 puppet-agent: Puppet Agent does not properly verify SSL connection when downloading a CRL↗2020-01-06