Lucene search
Krzysztof ZajΔ
cWPEX-ID:15BE2D2B-BAA3-4845-82CF-3C351C695B47HistoryJan 13, 2022 - 12:00 a.m.
SpiderCalendar <= 1.5.65 - Reflected Cross-Site Scripting
2022-01-1300:00:00
Krzysztof ZajΔ
c
58
spidercalendar
cross-site scripting
reflected
exploit
admin-ajax.php
EPSS
0.001
Percentile
36.8%
The plugin does not sanitise and escape the callback parameter before outputting it back in the page via the window AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting issue. Note: Vendor decided to close the plugin and it wonβt be maintained anymore
https://example.com/wp-admin/admin-ajax.php?action=window&callback=%3C/script%3E%3Cimg/src/onerror=alert(/XSS/);%3ERelated
cnvd
cnvd
WordPress SpiderCalendar pluginθ·¨η«θζ¬ζΌζ΄
2022-02-16 00:00:00
cve
cve
CVE-2022-0212
2022-02-14 12:15:16
patchstack
patchstack
prion
prion
Cross site scripting
2022-02-14 12:15:00
cvelist
cvelist
CVE-2022-0212 SpiderCalendar <= 1.5.65 - Reflected Cross-Site Scripting
2022-02-14 09:21:08
nvd
nvd
CVE-2022-0212
2022-02-14 12:15:16
wpvulndb
wpvulndb
SpiderCalendar <= 1.5.65 - Reflected Cross-Site Scripting
2022-01-13 00:00:00
nuclei
nuclei
WordPress Spider Calendar <=1.5.65 - Cross-Site Scripting
2023-03-31 11:28:24