5 matches found
CVE-2021-34667
The Calendarplugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $SERVER'PHPSELF' in the /calendar.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0...
Cross site scripting
The Calendarplugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $SERVER'PHPSELF' in the /calendar.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0...
CVE-2021-34667 Calendar_plugin <= 1.0 Reflected Cross-Site Scripting
The Calendarplugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $SERVER'PHPSELF' in the /calendar.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0...
CVE-2021-34667
The CVE concerns the WordPress Calendar_plugin (versions up to 1.0). The vulnerability is a Reflected Cross-Site Scripting (XSS) flaw caused by using $_SERVER['PHP_SELF'] in calendar.php, enabling an attacker to inject arbitrary web scripts. The exposed component is the calendar.php handler withi...
WordPress Calendar_plugin <= 1.0 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by p7e4 in WordPress Calendarplugin versions = 1.0. Solution This plugin has been closed as of August 12, 2021 and is not available for download. This closure is temporary, pending a full review...