Cross Site Scripting Vulnerability in Spiffy Calendar Plugin for WordPress
CVE-2017-9420

6.1MEDIUM

Key Information:

Vendor
Wordpress
Status
Spiffy Calendar
Vendor
CVE Published:
5 June 2017

Summary

The Spiffy Calendar plugin for WordPress is vulnerable to Cross Site Scripting (XSS) attacks in versions prior to 3.3.0. This security flaw enables remote attackers to inject and execute arbitrary JavaScript through the 'yr' parameter, compromising site integrity and potentially manipulating user sessions. Website administrators are urged to update to the latest version to mitigate such risks and ensure user safety.

References

http://spiffycalendar.sunnythemes.com/version-3-3-0/
x_refsource_MISC
https://wpvulndb.com/vulnerabilities/8842
x_refsource_MISC
http://www.securityfocus.com/bid/98931
vdb-entryx_refsource_BID

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.