CVE-2023-23491

State: PUBLISHED · Published: 2023-01-20 · Updated: 2025-04-03 · Assigner: tenable

Description

The Quick Event Manager WordPress Plugin, version < 9.7.5, is affected by a reflected cross-site scripting vulnerability in the 'category' parameter of its 'qem_ajax_calendar' action.

CWE

CWE-79 — CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected

n/a / Quick Event Manager WordPress Plugin — v=< 9.7.5 [affected]

CVSS

(none)

References

https://www.tenable.com/security/research/tra-2023-3

Source

cvelistV5-main/cves/2023/23xxx/CVE-2023-23491.json