CVE-2018-8729

Multiple cross-site scripting (XSS) vulnerabilities in the Activity Log plugin before 2.4.1 for WordPress allow remote attackers to inject arbitrary JavaScript or HTML via a title that is not escaped.
Configurations

Configuration 1 (hide)

cpe:2.3:a:pojo:activity_log:*:*:*:*:*:wordpress:*:*

History

26 Dec 2023, 19:56

Type Values Removed Values Added
CPE cpe:2.3:a:activity_log_project:activity_log:*:*:*:*:*:wordpress:*:* cpe:2.3:a:pojo:activity_log:*:*:*:*:*:wordpress:*:*

Information

Published : 2018-03-15 17:29

Updated : 2024-02-04 19:46


NVD link : CVE-2018-8729

Mitre link : CVE-2018-8729

CVE.ORG link : CVE-2018-8729


JSON object : View

Products Affected

pojo

  • activity_log
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')