HIGH✓ PATCH🇬🇧 English

CVE-2024-35652

CVSS 7.1v3.1pub. 2024-06-04upd. 2024-11-21

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Saso Nikolov Event Tickets with Ticket Scanner allows Reflected XSS.This issue affects Event Tickets with Ticket Scanner: from n/a through 2.3.1.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
  • Vollstart Event Tickets With Ticket Scanner

    APP
    Vollstart
    < 2.3.2
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
XSS
CWE
Referencje

Powiązane podatności

CVE-2024-52427CRITICAL9.9PL ✓ten sam produkt

RCE przez deserializację danych w pluginie Event Tickets with Ticket Scanner

CVE-2025-1762MEDIUM4.3ten sam produkt

The Event Tickets with Ticket Scanner WordPress plugin before 2.5.4 does not have CSRF check in place when upd...

CVE-2024-6711LOW3.5ten sam produkt

The Event Tickets with Ticket Scanner WordPress plugin before 2.3.8 does not sanitise and escape some paramete...