2 matches found
CVE-2017-9420
Cross site scripting XSS vulnerability in the Spiffy Calendar plugin before 3.3.0 for WordPress allows remote attackers to inject arbitrary JavaScript via the yr parameter...
CVE-2017-9420
The CVE-2017-9420 entry concerns a Cross-Site Scripting (XSS) flaw in the WordPress Spiffy Calendar plugin before version 3.3.0, exploitable via the yr parameter to inject arbitrary JavaScript. Impact is reflected in multiple sources; remediation is to upgrade to version 3.3.0 or later. Connected...