History: Feb 14, 2022 - 9:21 a.m.

CVE-2022-0212 SpiderCalendar <= 1.5.65 - Reflected Cross-Site Scripting

2022-02-14 09:21:08
CWE-79
WPScan
www.cve.org
cve-2022-0212
spidercalendar
wordpress
reflected cross-site scripting

EPSS

0.001

Percentile

36.8%

The SpiderCalendar WordPress plugin through 1.5.65 does not sanitise and escape the callback parameter before outputting it back in the page via the window AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting issue.

CNA Affected

[
  {
    "product": "SpiderCalendar",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThanOrEqual": "1.5.65",
        "status": "affected",
        "version": "1.5.65",
        "versionType": "custom"
      }
    ]
  }
]
