Lucene search
High-Tech Bridge SAPATCHSTACK:26BE89C03088E9862E52BFE5CDC60035HistoryApr 11, 2012 - 12:00 a.m.
WordPress All-in-One Event Calendar Plugin 1.4 - "title" Parameter XSS
2012-04-1100:00:00
High-Tech Bridge SA
patchstack.com
11
0.009 Low
EPSS
Percentile
83.0%
WordPress All-in-One Event Calendar plugin’s /wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget-form.php “title” parameter is prone to a cross-site scripting vulnerability. It fails to properly clean up user-supplied input. An attacker may execute arbitrary script code in the browser of an user in the context of the affected site. In this way the attacker can steal cookie-based authentication credentials. Other attacks are also possible.
Solution
Update the plugin.
| CPE | Name | Operator | Version |
|---|---|---|---|
| all in one event calendar | le | 1.4 |
References
Related
wpvulndb
wpvulndb
All-in-One Event Calendar Plugin 1.4 & 1.5 Multiple XSS
2014-09-27 11:39:17
cve
cve
CVE-2012-1835
2022-10-03 16:15:27
prion
prion
Cross site scripting
2012-08-14 21:55:00
openvas
openvas
patchstack
patchstack
WordPress All-in-One Event Calendar Plugin 1.4 - Multiple Parameter XSS
2012-04-11 00:00:00
WordPress All-in-One Event Calendar Plugin 1.4 - "msg" Parameter XSS
2012-04-11 00:00:00
packetstorm
packetstorm
WordPress All-In-One Event Calendar 1.4 Cross Site Scripting
2012-04-12 00:00:00
htbridge
htbridge
nuclei
nuclei
WordPress Plugin All-in-One Event Calendar 1.4 - Cross-Site Scripting
2021-07-14 23:19:57
securityvulns
securityvulns
nvd
nvd
CVE-2012-1835
2012-08-14 21:55:00
cvelist
cvelist
CVE-2012-1835
2022-10-03 16:15:27
rapid7blog
rapid7blog
NICER Protocol Deep Dive: Internet Exposure of HTTP and HTTPS
2021-01-29 14:20:22