关键信息 漏洞描述 漏洞名称: Event Calendar Calendar Manager” 2. 添加一个新日历,并在日历名称中输入 3. 保存并查看日历列表中的XSS 影响的插件 插件: events-calendar 修复状态: 尚无已知修复 参考资料 CVE: CVE-2024-8701 分类 类型: XSS OWASP Top 10: A7: Cross-Site Scripting (XSS) CWE: CWE-79 CVSS: 3.5 (低) 其他信息 原始研究员: Bob Matyas 提交者: Bob Matyas 提交者网站: https://www.bobmatyas.com 提交者Twitter: bobmatyas 验证: 是 WPVDB ID: 707d4b5b-8efe-4010-ba7d-80538545a2d5 时间线 公开发布: 2024-09-10(约8个月前) 添加: 2024-10-10(约7个月前) 最后更新: 2024-10-10(约7个月前) 其他相关漏洞 Contact Us By Lord Linus <= 2.6 - Reflected Cross-Site Scripting Fiverr.com Official Search Box <= 1.0.8 - Authenticated (Subscriber+) Stored Cross-Site Scripting Image Tag Manager <= 1.5 - Reflected Cross-Site Scripting via default_class Orbit Fox by Themeisle < 2.10.44 - Authenticated (Contributor+) Stored Cross-Site Scripting via title_tag Parameter AdsMiddle <= 1.0 - Reflected Cross-Site Scripting