wpexploit | Wpvulndb | WPEX-ID:E8B176D1-6A19-4B34-9CAE-A928E013F0CD
History: Apr 09, 2021 - 12:00 a.m.

Larsens Calender <= 1.2 - Stored Cross-Site Scripting (XSS)


EPSS: 0.001 (Low), Percentile: 31.2%

The plugin does not sanitise or encode the Title of calendar entries when outputting them in the admin dashboard, leading to a Stored XSS issue. Because there is no CSRF check, this can be exploited through a CSRF attack that makes logged-in administrators create malicious entries.

The PoC will be displayed once the issue has been remediated.
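
The two missing controls described above, shown in hardened form as an added example that is not the plugin's own code: a nonce check on the save request and HTML encoding of the title on output. The `lcx_` function names, the `lcx_entries` table and the `lcx-entries` page slug are hypothetical.

```php
<?php
// Added example: hypothetical plugin code, not taken from Larsens Calender.
// Function, table, action and field names are assumptions for illustration.

// Admin form: embeds a nonce bound to this action and the current user.
function lcx_render_entry_form() {
    echo '<form method="post" action="' . esc_url( admin_url( 'admin-post.php' ) ) . '">';
    echo '<input type="hidden" name="action" value="lcx_save_entry">';
    wp_nonce_field( 'lcx_save_entry', 'lcx_nonce' );
    echo '<input type="text" name="title">';
    submit_button( 'Add entry' );
    echo '</form>';
}

// Save handler: a forged cross-site request carries no valid nonce and is rejected.
function lcx_save_entry() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }
    check_admin_referer( 'lcx_save_entry', 'lcx_nonce' ); // terminates on failure

    // Strip tags and control characters before the title is stored.
    $title = isset( $_POST['title'] )
        ? sanitize_text_field( wp_unslash( $_POST['title'] ) )
        : '';

    global $wpdb;
    $wpdb->insert( $wpdb->prefix . 'lcx_entries', array( 'title' => $title ), array( '%s' ) );

    wp_safe_redirect( admin_url( 'admin.php?page=lcx-entries' ) );
    exit;
}
add_action( 'admin_post_lcx_save_entry', 'lcx_save_entry' );

// List view: encode on output as well, so rows stored before the fix
// (or written by another code path) are rendered as text, not markup.
function lcx_render_entries() {
    global $wpdb;
    $rows = $wpdb->get_results( "SELECT id, title FROM {$wpdb->prefix}lcx_entries" );
    echo '<ul>';
    foreach ( $rows as $row ) {
        echo '<li>' . esc_html( $row->title ) . '</li>';
    }
    echo '</ul>';
}
```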
