3 matches found
CVE-2021-34667
The Calendarplugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $SERVER'PHPSELF' in the /calendar.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0...
CVE-2021-34667 Calendar_plugin <= 1.0 Reflected Cross-Site Scripting
The Calendarplugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $SERVER'PHPSELF' in the /calendar.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0...
CVE-2021-34667
The CVE concerns the WordPress Calendar_plugin (versions up to 1.0). The vulnerability is a Reflected Cross-Site Scripting (XSS) flaw caused by using $_SERVER['PHP_SELF'] in calendar.php, enabling an attacker to inject arbitrary web scripts. The exposed component is the calendar.php handler withi...