Skip to main content

Mstw League Manager

1 CVEs product

Monthly

CVE-2026-34890 MEDIUM This Month

DOM-based cross-site scripting (XSS) in MSTW League Manager WordPress plugin through version 2.10 allows authenticated attackers to inject malicious scripts that execute in the context of other users' browsers, potentially stealing session tokens, modifying league data, or performing actions on behalf of victims. The vulnerability requires user interaction (UI:R) and affects the plugin across all versions up to 2.10.

XSS Mstw League Manager
NVD
CVSS 3.1
6.5
EPSS
0.0%
EPSS 0% CVSS 6.5
MEDIUM This Month

DOM-based cross-site scripting (XSS) in MSTW League Manager WordPress plugin through version 2.10 allows authenticated attackers to inject malicious scripts that execute in the context of other users' browsers, potentially stealing session tokens, modifying league data, or performing actions on behalf of victims. The vulnerability requires user interaction (UI:R) and affects the plugin across all versions up to 2.10.

XSS Mstw League Manager
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy