Lucene search

K
cvelistMitreCVELIST:CVE-2012-1835
HistoryAug 14, 2012 - 9:00 p.m.

CVE-2012-1835

2012-08-1421:00:00
mitre
www.cve.org
6
cross-site scripting
vulnerabilities
all-in-one event calendar
wordpress
remote attackers
arbitrary web script
html

AI Score

5.8

Confidence

High

EPSS

0.002

Percentile

58.2%

Multiple cross-site scripting (XSS) vulnerabilities in the All-in-One Event Calendar plugin 1.4 and 1.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to app/view/agenda-widget-form.php; (2) args, (3) title, (4) before_title, or (5) after_title parameter to app/view/agenda-widget.php; (6) button_value parameter to app/view/box_publish_button.php; or (7) msg parameter to /app/view/save_successful.php.

AI Score

5.8

Confidence

High

EPSS

0.002

Percentile

58.2%