{"id":3486,"date":"2024-04-09T19:45:10","date_gmt":"2024-04-09T19:45:10","guid":{"rendered":"http:\/\/127.0.0.1\/bizcalendar-web-1-1-0-19-cross-site-scripting-reflejado-a-traves-de-la-pestana\/"},"modified":"2024-04-09T19:45:10","modified_gmt":"2024-04-09T19:45:10","slug":"bizcalendar-web-1-1-0-19-cross-site-scripting-reflejado-a-traves-de-la-pestana","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/bizcalendar-web-1-1-0-19-cross-site-scripting-reflejado-a-traves-de-la-pestana\/","title":{"rendered":"BizCalendar Web <= 1.1.0.19 – Cross-Site Scripting reflejado a trav\u00e9s de la pesta\u00f1a"},"content":{"rendered":"
El plugin BizCalendar Web para WordPress es vulnerable a Cross-Site Scripting reflejado a trav\u00e9s del par\u00e1metro ‘tab’ en todas las versiones hasta, e incluyendo, la 1.1.0.19 debido a una insuficiente sanitizaci\u00f3n de entrada y escape de salida. Esto permite a atacantes no autenticados inyectar scripts web arbitrarios en p\u00e1ginas que se ejecutan si logran enga\u00f1ar a un usuario para que realice una acci\u00f3n como hacer clic en un enlace.<\/div>\n

<\/p>\n

La vulnerabilidad de Cross-Site Scripting (XSS) en el plugin BizCalendar Web puede ser explotada por atacantes para ejecutar scripts maliciosos en el navegador de las v\u00edctimas, lo que puede llevar al robo de informaci\u00f3n confidencial, sesiones de usuario comprometidas y otros ataques.<\/div>\n
Es fundamental tomar medidas proactivas para protegerse contra vulnerabilidades de seguridad como el Cross-Site Scripting en WordPress y otros sistemas. Mantener todos los plugins y temas actualizados, as\u00ed como practicar h\u00e1bitos de navegaci\u00f3n seguros, pueden ayudar a reducir el riesgo de explotaci\u00f3n.<\/div>\n","protected":false},"excerpt":{"rendered":"

El plugin BizCalendar Web para WordPress es vulnerable a Cross-Site Scripting reflejado a trav\u00e9s del par\u00e1metro ‘tab’ en todas las versiones hasta, e incluyendo, la 1.1.0.19 debido a una insuficiente sanitizaci\u00f3n de entrada y escape de salida. Esto permite a atacantes no autenticados inyectar scripts web arbitrarios en p\u00e1ginas que se ejecutan si logran enga\u00f1ar […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[1196],"class_list":["post-3486","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2024-1780"],"yoast_head":"\nBizCalendar Web <= 1.1.0.19 - Cross-Site Scripting reflejado a trav\u00e9s de la pesta\u00f1a - SeguridadWordPress.es<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/127.0.0.1\/bizcalendar-web-1-1-0-19-cross-site-scripting-reflejado-a-traves-de-la-pestana\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"BizCalendar Web <= 1.1.0.19 - Cross-Site Scripting reflejado a trav\u00e9s de la pesta\u00f1a - SeguridadWordPress.es\" \/>\n<meta property=\"og:description\" content=\"El plugin BizCalendar Web para WordPress es vulnerable a Cross-Site Scripting reflejado a trav\u00e9s del par\u00e1metro ‘tab’ en todas las versiones hasta, e incluyendo, la 1.1.0.19 debido a una insuficiente sanitizaci\u00f3n de entrada y escape de salida. Esto permite a atacantes no autenticados inyectar scripts web arbitrarios en p\u00e1ginas que se ejecutan si logran enga\u00f1ar […]\" \/>\n<meta property=\"og:url\" content=\"http:\/\/127.0.0.1\/bizcalendar-web-1-1-0-19-cross-site-scripting-reflejado-a-traves-de-la-pestana\/\" \/>\n<meta property=\"og:site_name\" content=\"SeguridadWordPress.es\" \/>\n<meta property=\"article:published_time\" content=\"2024-04-09T19:45:10+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"http:\/\/127.0.0.1\/bizcalendar-web-1-1-0-19-cross-site-scripting-reflejado-a-traves-de-la-pestana\/\",\"url\":\"http:\/\/127.0.0.1\/bizcalendar-web-1-1-0-19-cross-site-scripting-reflejado-a-traves-de-la-pestana\/\",\"name\":\"BizCalendar Web <= 1.1.0.19 - Cross-Site Scripting reflejado a trav\u00e9s de la pesta\u00f1a - SeguridadWordPress.es\",\"isPartOf\":{\"@id\":\"http:\/\/127.0.0.1\/#website\"},\"datePublished\":\"2024-04-09T19:45:10+00:00\",\"dateModified\":\"2024-04-09T19:45:10+00:00\",\"author\":{\"@id\":\"\"},\"breadcrumb\":{\"@id\":\"http:\/\/127.0.0.1\/bizcalendar-web-1-1-0-19-cross-site-scripting-reflejado-a-traves-de-la-pestana\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/127.0.0.1\/bizcalendar-web-1-1-0-19-cross-site-scripting-reflejado-a-traves-de-la-pestana\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/127.0.0.1\/bizcalendar-web-1-1-0-19-cross-site-scripting-reflejado-a-traves-de-la-pestana\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"http:\/\/127.0.0.1\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"BizCalendar Web <= 1.1.0.19 – Cross-Site Scripting reflejado a trav\u00e9s de la pesta\u00f1a\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/127.0.0.1\/#website\",\"url\":\"http:\/\/127.0.0.1\/\",\"name\":\"SeguridadWordPress.es\",\"description\":\"Recopilaci\u00f3n de vulnerabilidades WordPress.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/127.0.0.1\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"BizCalendar Web <= 1.1.0.19 - Cross-Site Scripting reflejado a trav\u00e9s de la pesta\u00f1a - SeguridadWordPress.es","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/127.0.0.1\/bizcalendar-web-1-1-0-19-cross-site-scripting-reflejado-a-traves-de-la-pestana\/","og_locale":"en_US","og_type":"article","og_title":"BizCalendar Web <= 1.1.0.19 - Cross-Site Scripting reflejado a trav\u00e9s de la pesta\u00f1a - SeguridadWordPress.es","og_description":"El plugin BizCalendar Web para WordPress es vulnerable a Cross-Site Scripting reflejado a trav\u00e9s del par\u00e1metro ‘tab’ en todas las versiones hasta, e incluyendo, la 1.1.0.19 debido a una insuficiente sanitizaci\u00f3n de entrada y escape de salida. Esto permite a atacantes no autenticados inyectar scripts web arbitrarios en p\u00e1ginas que se ejecutan si logran enga\u00f1ar […]","og_url":"http:\/\/127.0.0.1\/bizcalendar-web-1-1-0-19-cross-site-scripting-reflejado-a-traves-de-la-pestana\/","og_site_name":"SeguridadWordPress.es","article_published_time":"2024-04-09T19:45:10+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"http:\/\/127.0.0.1\/bizcalendar-web-1-1-0-19-cross-site-scripting-reflejado-a-traves-de-la-pestana\/","url":"http:\/\/127.0.0.1\/bizcalendar-web-1-1-0-19-cross-site-scripting-reflejado-a-traves-de-la-pestana\/","name":"BizCalendar Web <= 1.1.0.19 - Cross-Site Scripting reflejado a trav\u00e9s de la pesta\u00f1a - SeguridadWordPress.es","isPartOf":{"@id":"http:\/\/127.0.0.1\/#website"},"datePublished":"2024-04-09T19:45:10+00:00","dateModified":"2024-04-09T19:45:10+00:00","author":{"@id":""},"breadcrumb":{"@id":"http:\/\/127.0.0.1\/bizcalendar-web-1-1-0-19-cross-site-scripting-reflejado-a-traves-de-la-pestana\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/127.0.0.1\/bizcalendar-web-1-1-0-19-cross-site-scripting-reflejado-a-traves-de-la-pestana\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/127.0.0.1\/bizcalendar-web-1-1-0-19-cross-site-scripting-reflejado-a-traves-de-la-pestana\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/127.0.0.1\/"},{"@type":"ListItem","position":2,"name":"BizCalendar Web <= 1.1.0.19 – Cross-Site Scripting reflejado a trav\u00e9s de la pesta\u00f1a"}]},{"@type":"WebSite","@id":"http:\/\/127.0.0.1\/#website","url":"http:\/\/127.0.0.1\/","name":"SeguridadWordPress.es","description":"Recopilaci\u00f3n de vulnerabilidades WordPress.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/127.0.0.1\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"}]}},"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/3486"}],"collection":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=3486"}],"version-history":[{"count":0,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/3486\/revisions"}],"wp:attachment":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=3486"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=3486"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=3486"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}