Lucene search
China National Vulnerability DatabaseCNVD-2022-16923HistoryFeb 16, 2022 - 12:00 a.m.
WordPress SpiderCalendar plugin跨站脚本漏洞
2022-02-1600:00:00
China National Vulnerability Database
www.cnvd.org.cn
16
wordpress
spidercalendar
cross-site scripting
vulnerability
php
mysql
ajax
EPSS
0.001
Percentile
36.8%
WordPress is the Wordpress Foundation’s suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blog sites on servers with PHP and MySQL. WordPress SpiderCalendar plugin is vulnerable to a cross-site scripting vulnerability that stems from the fact that callback parameters are not cleaned up and escaped before being output to the page via a window AJAX action (available to both unauthenticated and authenticated users are available), an attacker can use this vulnerability to execute JavaScript code on the client side.
Related
cve
cve
CVE-2022-0212
2022-02-14 12:15:16
wpvulndb
wpvulndb
SpiderCalendar <= 1.5.65 - Reflected Cross-Site Scripting
2022-01-13 00:00:00
nuclei
nuclei
WordPress Spider Calendar <=1.5.65 - Cross-Site Scripting
2023-03-31 11:28:24
patchstack
patchstack
prion
prion
Cross site scripting
2022-02-14 12:15:00
cvelist
cvelist
CVE-2022-0212 SpiderCalendar <= 1.5.65 - Reflected Cross-Site Scripting
2022-02-14 09:21:08
nvd
nvd
CVE-2022-0212
2022-02-14 12:15:16
wpexploit
wpexploit
SpiderCalendar <= 1.5.65 - Reflected Cross-Site Scripting
2022-01-13 00:00:00