Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Tickera – WordPress Event Ticketing by Unknown

    CVE-2021-24797 (GCVE-0-2021-24797)

    Vulnerability from nvd – Published: 2021-12-27 10:33 – Updated: 2024-08-03 19:42
    VLAI
    Title
    Tickera < 3.4.8.3 - Unauthenticated Stored Cross-Site Scripting
    Summary
    The Tickera WordPress plugin before 3.4.8.3 does not properly sanitise and escape the Name fields of booked Events before outputting them in the Orders admin dashboard, which could allow unauthenticated users to perform Cross-Site Scripting attacks against admins.
    Severity
    No CVSS data available.
    CWE
    • CWE-79 - Cross-site Scripting (XSS)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Unknown Tickera – WordPress Event Ticketing Affected: 3.4.8.3 , < 3.4.8.3 (custom)
    Create a notification for this product.
    Credits
    Ajit Bhatta
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:42:17.174Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/0eb07cc8-8a19-4e01-ab90-844495413453"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Tickera \u2013 WordPress Event Ticketing",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "3.4.8.3",
                  "status": "affected",
                  "version": "3.4.8.3",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Ajit Bhatta"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Tickera WordPress plugin before 3.4.8.3 does not properly sanitise and escape the Name fields of booked Events before outputting them in the Orders admin dashboard, which could allow unauthenticated users to perform Cross-Site Scripting attacks against admins."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Cross-site Scripting (XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-27T10:33:19.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpscan.com/vulnerability/0eb07cc8-8a19-4e01-ab90-844495413453"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Tickera \u003c 3.4.8.3 - Unauthenticated Stored Cross-Site Scripting",
          "x_generator": "WPScan CVE Generator",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "contact@wpscan.com",
              "ID": "CVE-2021-24797",
              "STATE": "PUBLIC",
              "TITLE": "Tickera \u003c 3.4.8.3 - Unauthenticated Stored Cross-Site Scripting"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Tickera \u2013 WordPress Event Ticketing",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "3.4.8.3",
                                "version_value": "3.4.8.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Unknown"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Ajit Bhatta"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Tickera WordPress plugin before 3.4.8.3 does not properly sanitise and escape the Name fields of booked Events before outputting them in the Orders admin dashboard, which could allow unauthenticated users to perform Cross-Site Scripting attacks against admins."
                }
              ]
            },
            "generator": "WPScan CVE Generator",
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79 Cross-site Scripting (XSS)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpscan.com/vulnerability/0eb07cc8-8a19-4e01-ab90-844495413453",
                  "refsource": "MISC",
                  "url": "https://wpscan.com/vulnerability/0eb07cc8-8a19-4e01-ab90-844495413453"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2021-24797",
        "datePublished": "2021-12-27T10:33:19.000Z",
        "dateReserved": "2021-01-14T00:00:00.000Z",
        "dateUpdated": "2024-08-03T19:42:17.174Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-24797 (GCVE-0-2021-24797)

    Vulnerability from cvelistv5 – Published: 2021-12-27 10:33 – Updated: 2024-08-03 19:42
    VLAI
    Title
    Tickera < 3.4.8.3 - Unauthenticated Stored Cross-Site Scripting
    Summary
    The Tickera WordPress plugin before 3.4.8.3 does not properly sanitise and escape the Name fields of booked Events before outputting them in the Orders admin dashboard, which could allow unauthenticated users to perform Cross-Site Scripting attacks against admins.
    Severity
    No CVSS data available.
    CWE
    • CWE-79 - Cross-site Scripting (XSS)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Unknown Tickera – WordPress Event Ticketing Affected: 3.4.8.3 , < 3.4.8.3 (custom)
    Create a notification for this product.
    Credits
    Ajit Bhatta
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:42:17.174Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/0eb07cc8-8a19-4e01-ab90-844495413453"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Tickera \u2013 WordPress Event Ticketing",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "3.4.8.3",
                  "status": "affected",
                  "version": "3.4.8.3",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Ajit Bhatta"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Tickera WordPress plugin before 3.4.8.3 does not properly sanitise and escape the Name fields of booked Events before outputting them in the Orders admin dashboard, which could allow unauthenticated users to perform Cross-Site Scripting attacks against admins."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Cross-site Scripting (XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-27T10:33:19.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpscan.com/vulnerability/0eb07cc8-8a19-4e01-ab90-844495413453"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Tickera \u003c 3.4.8.3 - Unauthenticated Stored Cross-Site Scripting",
          "x_generator": "WPScan CVE Generator",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "contact@wpscan.com",
              "ID": "CVE-2021-24797",
              "STATE": "PUBLIC",
              "TITLE": "Tickera \u003c 3.4.8.3 - Unauthenticated Stored Cross-Site Scripting"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Tickera \u2013 WordPress Event Ticketing",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "3.4.8.3",
                                "version_value": "3.4.8.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Unknown"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Ajit Bhatta"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Tickera WordPress plugin before 3.4.8.3 does not properly sanitise and escape the Name fields of booked Events before outputting them in the Orders admin dashboard, which could allow unauthenticated users to perform Cross-Site Scripting attacks against admins."
                }
              ]
            },
            "generator": "WPScan CVE Generator",
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79 Cross-site Scripting (XSS)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpscan.com/vulnerability/0eb07cc8-8a19-4e01-ab90-844495413453",
                  "refsource": "MISC",
                  "url": "https://wpscan.com/vulnerability/0eb07cc8-8a19-4e01-ab90-844495413453"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2021-24797",
        "datePublished": "2021-12-27T10:33:19.000Z",
        "dateReserved": "2021-01-14T00:00:00.000Z",
        "dateUpdated": "2024-08-03T19:42:17.174Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }