Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Timetable and Event Schedule by MotoPress < 2.3.19 - Author+ Stored Cross-Site Scripting
Vulnerability Description
The Timetable and Event Schedule by MotoPress WordPress plugin before 2.3.19 does not sanitise some of its parameters, which could allow low privilege users such as author to perform XSS attacks against frontend and backend users when viewing the related event/s
CVSS Information
N/A
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
WordPress 插件跨站脚本漏洞
Vulnerability Description
WordPress是WordPress(Wordpress)基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。 WordPress plugin MotoPress 存在跨站脚本漏洞,该漏洞源于在2.3.19之前,MotoPress WordPress插件的时间表和事件时间表并没有清理它的一些参数。攻击者可利用该漏洞允许低权限用户(如作者)在查看相关事件时对前端和后端用户执行XSS攻击。
CVSS Information
N/A
Vulnerability Type
N/A