Multiple cross-site scripting (XSS) vulnerabilities in the Events Manager plugin prior to 5.3.5 and Events Manager Pro plugin prior to 2.2.9 for WordPress allow remote malicious users to inject arbitrary web script or HTML via the (1) scope parameter to index.php; (2) user_name, (3) dbem_phone, (4) user_email, or (5) booking_comment parameter to an event with registration enabled; or the (6) _wpnonce parameter to wp-admin/edit.php.
Vulnerable Product |
---|
netweblogic events manager 5.3 |
netweblogic events manager 5.3.2 |
netweblogic events manager 5.3.1 |
netweblogic events manager |
netweblogic events manager 5.3.3 |
netweblogic events manager 5.3.2.1 |
netweblogic events manager pro 2.2.2 |
netweblogic events manager pro 2.2.1 |
netweblogic events manager pro 2.2.4 |
netweblogic events manager pro 2.2.3 |
netweblogic events manager pro 2.2.8 |
netweblogic events manager pro |
netweblogic events manager pro 2.2 |
netweblogic events manager pro 2.2.6 |
netweblogic events manager pro 2.2.5 |