CVE-2024-6910

CWE-79Cross-site Scripting (XSS)3 documents3 sources
Severity
4.8MEDIUM
EPSS
0.3%
top 50.62%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Unknown EventonMyeventon Eventon
Timeline
PublishedSep 9

Description

The EventON WordPress plugin before 2.2.17 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages2 packages

CVEListV5unknown/eventon< 2.2.17
NVDmyeventon/eventon< 2.2.17

🔴Vulnerability Details

2
CVEList
EventON < 2.2.17 - Admin+ Stored XSS2024-09-09
GHSA
GHSA-wq3j-qfpm-h36f: The EventON WordPress plugin before 22024-09-09
CVE-2024-6910 (MEDIUM CVSS 4.8) | The EventON WordPress plugin before | cvebase.io