Vulnerability Description
A cross-site scripting (XSS) vulnerability in wp-content/plugins/event-espresso-core-reg/admin_pages/messages/templates/ee_msg_admin_overview.template.php in the Event Espresso Core plugin before 4.10.7.p for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Eventespresso | Event Espresso | < 4.10.7.p |
Related Weaknesses (CWE)
References
- https://github.com/eventespresso/event-espresso-core/compare/4.10.6.p...4.10.7.p (Patch, Third Party Advisory)
- https://labs.nettitude.com/blog/cve-2020-26153-event-espresso-core-cross-site-sc (Exploit, Third Party Advisory)
FAQ
What is CVE-2020-26153?
CVE-2020-26153 is a vulnerability with a CVSS score of 6.1 (MEDIUM). A cross-site scripting (XSS) vulnerability in wp-content/plugins/event-espresso-core-reg/admin_pages/messages/templates/ee_msg_admin_overview.template.php in the Event Espresso Core plugin before 4.10...
How severe is CVE-2020-26153?
CVE-2020-26153 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-26153?
Check the references section above for vendor advisories and patch information. Affected products include: Eventespresso Event Espresso.