MotoPress Timetable and Event Schedule Calendar cross site scripting
CVE-2022-2844

3.5LOW

Key Information:

Vendor: Motopress
Status: Timetable And Event Schedule
Vendor: CVE Published:; 16 August 2022

What is CVE-2022-2844?

A vulnerability classified as problematic has been found in MotoPress Timetable and Event Schedule up to 1.4.06. This affects an unknown part of the file /wp/?cpmvc_id=1&cpmvc_do_action=mvparse&f=datafeed&calid=1&month_index=1&method=adddetails&id=2 of the component Calendar Handler. The manipulation of the argument Subject/Location/Description leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-206487.

Affected Version(s)

Timetable and Event Schedule 1.4.06

References

https://vuldb.com/?id.206487

x_refsource_MISC

CVSS V3.1

Score:

3.5

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 16, 2022
Vulnerability Reserved
Aug 16, 2022

Credit

Mostafa Farzaneh

CVE-2022-2844 Data

JSON