CVE-2022-2846
Calendar Event Multi View < 1.4.07 - Unauthenticated Arbitrary Event Creation to Stored XSS
Vexday Risk Score
33Atención
Decisión SSVC (CISA)
Attend
PoC disponible → seguir de cerca
CVSS 4.3EPSS 2.2%KEV nãoPoC públicaNuclei —Metasploit —Patch —
Ciclo de vida
16 ago 2022Publicada en NVD
05 abr 2023PoC pública
Recomendación: Planificar corrección próxima — ya existe PoC pública.
The Calendar Event Multi View WordPress plugin before 1.4.07 does not have any authorisation and CSRF checks in place when creating an event, and is also lacking sanitisation as well as escaping in some of the event fields. This could allow unauthenticated attackers to create arbitrary events and put Cross-Site Scripting payloads in it.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Productos afectados
Unknown · Calendar Event Multi ViewPoCs públicas encontradas — 2
cve_referencepacketstormsecurity.com/files/171697/Calendar-Event-Multi-View-1.4.07-Cross-Site-Scripting.htmlno verificadoexploitdbwww.exploit-db.com/exploits/51241no verificado⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.
¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →