Scoutnet Kalender <= 1.1.0 - Stored Cross-Site Scripting (XSS)



Description
The plugin does not sanitise the 'Info' field from embedded calendars (which are retrieved from Scoutnet and are not necessarily owned/managed by the administrator of the blog).

Affects Plugin

No known fix (plugin closed)

References

CVE 2019-19198
PacketStorm 155615

Classification

Type XSS
OWASP Top 10 A7: Cross-Site Scripting (XSS)
CWE CWE-79

Miscellaneous

Original Researcher Simon Moser
Verified No
WPVDB ID 9969

Timeline

Publicly Published 2019-12-10
Added 2019-12-10
Last Updated 2019-12-11
