Events Manager 5.3.2.1 is vulnerable to cross-site scripting.
The 'pno', '_wpnonce', 'cols' and 'limit' parameters are vulnerable to XSS.
For the 'limit' parameter, the XSS code can be included with the following 'bypass':
limit="></option></select><img src=x onerror=alert(1)><option>
(the <option> and <select> tags must be closed first, and then the XSS code is added).
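
The reflection described above and its fix, as an added example that is not the plugin's own code: both functions are hypothetical reconstructions of a 'limit' drop-down, and the function names, the 1-500 range and the default of 20 are assumptions.

```php
<?php
// Hypothetical reconstruction of a pagination "limit" drop-down.
// Not Events Manager source code; all names here are illustrative.

// Vulnerable shape: the request value is written straight into the
// value attribute and the option text with no validation or escaping.
function render_limit_select_vulnerable(string $limit): string {
    return '<select name="limit"><option value="' . $limit . '" selected>'
         . $limit . '</option></select>';
}

// Hardened shape: accept only an integer in an allowed range (assumed 1-500),
// fall back to a default otherwise, and still escape on output as a second layer.
function render_limit_select_hardened(string $limit, int $default = 20): string {
    $n = filter_var($limit, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 500]]);
    if ($n === false) {
        $n = $default; // reject anything that is not a plain in-range integer
    }
    $safe = htmlspecialchars((string) $n, ENT_QUOTES, 'UTF-8');
    return '<select name="limit"><option value="' . $safe . '" selected>'
         . $safe . '</option></select>';
}

// The 'limit' value quoted in the advisory above.
$payload = '"></option></select><img src=x onerror=alert(1)><option>';

// Vulnerable: the attribute, <option> and <select> are closed by the input,
// so the <img> element lands in the page as live markup.
echo render_limit_select_vulnerable($payload), PHP_EOL;

// Hardened: the same input fails integer validation and the default is rendered.
echo render_limit_select_hardened($payload), PHP_EOL;

// Hardened: a legitimate value passes through unchanged.
echo render_limit_select_hardened('50'), PHP_EOL;
```

Inside WordPress the same two layers are normally written with absint() for the integer cast and esc_attr() for the attribute output.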