CVE-2015-5485

Cross-site scripting (XSS) vulnerability in the Event Import page (import-eventbrite-events.php) in the Modern Tribe Eventbrite Tickets plugin before 3.10.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the "error" parameter to wp-admin/edit.php.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 63%
VendorProductVersion
theeventscalendareventbrite_tickets
𝑥
≤ 3.10.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/132676/The-Events-Calender-Eventbrite-Tickets-3.9.6-Cross-Site-Scripting.html
http://seclists.org/fulldisclosure/2015/Jul/67
https://security.dxw.com/advisories/reflected-xss-in-the-events-calendar-eventbrite-tickets-allows-unauthenticated-users-to-do-almost-anything-an-admin-can/
https://theeventscalendar.com/release-eventbrite-tickets-3-10-2/
http://packetstormsecurity.com/files/132676/The-Events-Calender-Eventbrite-Tickets-3.9.6-Cross-Site-Scripting.html
http://seclists.org/fulldisclosure/2015/Jul/67
https://security.dxw.com/advisories/reflected-xss-in-the-events-calendar-eventbrite-tickets-allows-unauthenticated-users-to-do-almost-anything-an-admin-can/
https://theeventscalendar.com/release-eventbrite-tickets-3-10-2/