CVE-2022-25611

Published: 2022-03-25T19:15Z

Last Modified: 2024-11-21T06:52Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

Authenticated Stored Cross-Site Scripting (XSS) in Simple Event Planner plugin <= 1.5.4 allows attackers with contributor or higher user roles to inject the malicious script by using vulnerable parameter &custom[add_seg][]. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt