CVE-2020-26153

MEDIUM NUCLEI

Eventespresso Event Espresso < 4.10.7.p - XSS

Title source: rule

Description

A cross-site scripting (XSS) vulnerability in wp-content/plugins/event-espresso-core-reg/admin_pages/messages/templates/ee_msg_admin_overview.template.php in the Event Espresso Core plugin before 4.10.7.p for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter.

Nuclei Templates (1)

Event Espresso Core-Reg 4.10.7.p - Cross-Site Scripting
MEDIUMby pikpikcu

References (2)

Scores

CVSS v3 6.1
EPSS 0.1316
EPSS Percentile 94.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
eventespresso/event_espresso < 4.10.7.p
Published Jul 13, 2021
Tracked Since Feb 18, 2026