Exploit for WordPress EventON Calendar 3.0.5 - Cross-Site Scripting (CVE-2020-29395)

Description:

WordPress EventON Calendar 3.0.5 is vulnerable to cross-site scripting (XSS) via the search field, through the q parameter of addons/?q=.

Nuclei Template

View the template here: CVE-2020-29395.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2020/CVE-2020-29395.yaml

References:

http://packetstormsecurity.com/files/160282/WordPress-EventON-Calendar-3.0.5-Cross-Site-Scripting.html
https://github.com/mustgundogdu/Research/tree/main/EventON_PLUGIN_XSS
https://www.myeventon.com/news/
https://github.com/ARPSyndicate/kenzer-templates
https://nvd.nist.gov/vuln/detail/CVE-2020-29395