CVE-2021-24578

Summary

The SportsPress WordPress plugin before 2.7.9 does not sanitise and escape its match_day parameter before outputting back in the Events backend page, leading to a Reflected Cross-Site Scripting issue

Affected Software

VendorProductVersion RangeStatus
UnknownSportsPress – Sports Club & League Manager2.7.9 < 2.7.9affected

Weaknesses

  • CWE-79: CWE-79 Cross-site Scripting (XSS)

ADP Enrichment

CVE Program Container

Additional References

References