{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-06-05T00:00:00", "descriptions": [{"lang": "en", "value": "Cross site scripting (XSS) vulnerability in the Spiffy Calendar plugin before 3.3.0 for WordPress allows remote attackers to inject arbitrary JavaScript via the yr parameter."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-10-29T00:10:38", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://spiffycalendar.sunnythemes.com/version-3-3-0/"}, {"tags": ["x_refsource_MISC"], "url": "https://wpvulndb.com/vulnerabilities/8842"}, {"name": "98931", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/98931"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-9420", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross site scripting (XSS) vulnerability in the Spiffy Calendar plugin before 3.3.0 for WordPress allows remote attackers to inject arbitrary JavaScript via the yr parameter."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://spiffycalendar.sunnythemes.com/version-3-3-0/", "refsource": "MISC", "url": "http://spiffycalendar.sunnythemes.com/version-3-3-0/"}, {"name": "https://wpvulndb.com/vulnerabilities/8842", "refsource": "MISC", "url": "https://wpvulndb.com/vulnerabilities/8842"}, {"name": "98931", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98931"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T17:02:44.376Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://spiffycalendar.sunnythemes.com/version-3-3-0/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wpvulndb.com/vulnerabilities/8842"}, {"name": "98931", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/98931"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-9420", "datePublished": "2017-06-05T19:00:00", "dateReserved": "2017-06-03T00:00:00", "dateUpdated": "2024-08-05T17:02:44.376Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sunnythemes:spiffy_calendar:1.0.0:*:*:*:*:wordpress:*:*", "matchCriteriaId": "B48BA7E9-1C6A-4497-A4D6-54328F7BF932", "vulnerable": true}, {"criteria": "cpe:2.3:a:sunnythemes:spiffy_calendar:1.0.1:*:*:*:*:wordpress:*:*", "matchCriteriaId": "4B4A24B2-EF01-4A17-A6CF-813475D21227", "vulnerable": true}, {"criteria": "cpe:2.3:a:sunnythemes:spiffy_calendar:1.0.2a:*:*:*:*:wordpress:*:*", "matchCriteriaId": "60EE3105-9B64-4F6B-B9F6-9C24098721FC", "vulnerable": true}, {"criteria": "cpe:2.3:a:sunnythemes:spiffy_calendar:1.0.3:*:*:*:*:wordpress:*:*", "matchCriteriaId": "013E5373-DB1D-4755-886C-1B52CCA65F6A", "vulnerable": true}, {"criteria": "cpe:2.3:a:sunnythemes:spiffy_calendar:1.1.0:*:*:*:*:wordpress:*:*", "matchCriteriaId": "5885F052-6919-4BA8-9369-BF950BCA6C27", "vulnerable": true}, {"criteria": "cpe:2.3:a:sunnythemes:spiffy_calendar:1.1.1:*:*:*:*:wordpress:*:*", "matchCriteriaId": "72EED180-74B8-4FEE-90D2-A92DA6F8A0C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:sunnythemes:spiffy_calendar:1.1.2:*:*:*:*:wordpress:*:*", "matchCriteriaId": "2B9862E0-A08D-4A48-B21C-566FFF18BED3", "vulnerable": true}, {"criteria": "cpe:2.3:a:sunnythemes:spiffy_calendar:1.1.3:*:*:*:*:wordpress:*:*", "matchCriteriaId": "DAD97A2D-A21F-4063-832F-99031B313858", "vulnerable": true}, {"criteria": "cpe:2.3:a:sunnythemes:spiffy_calendar:1.1.4:*:*:*:*:wordpress:*:*", "matchCriteriaId": "5F470C95-E624-4891-B61E-475599994AB4", "vulnerable": true}, {"criteria": "cpe:2.3:a:sunnythemes:spiffy_calendar:1.1.5:*:*:*:*:wordpress:*:*", "matchCriteriaId": "E95096B1-5542-43CD-9B97-49C7F70CA23F", "vulnerable": true}, {"criteria": "cpe:2.3:a:sunnythemes:spiffy_calendar:1.1.6:*:*:*:*:wordpress:*:*", "matchCriteriaId": "2FC4484F-C0E2-4351-89FE-53EC17EA5AE0", "vulnerable": true}, {"criteria": "cpe:2.3:a:sunnythemes:spiffy_calendar:1.1.7:*:*:*:*:wordpress:*:*", "matchCriteriaId": "5EE2F989-D73F-49E4-A50A-2627CAC7ED26", "vulnerable": true}, {"criteria": "cpe:2.3:a:sunnythemes:spiffy_calendar:1.1.8:*:*:*:*:wordpress:*:*", "matchCriteriaId": "125477F4-CBFC-4B5D-A671-0B06A4A35FB7", "vulnerable": true}, {"criteria": "cpe:2.3:a:sunnythemes:spiffy_calendar:1.2.0:*:*:*:*:wordpress:*:*", "matchCriteriaId": "58FB758D-EC2B-4B2A-9A3D-FC62B9D0F016", "vulnerable": true}, {"criteria": "cpe:2.3:a:sunnythemes:spiffy_calendar:1.2.1:*:*:*:*:wordpress:*:*", "matchCriteriaId": "BB4825D9-F7A3-4F17-87A4-FB2BA700BF36", "vulnerable": true}, {"criteria": "cpe:2.3:a:sunnythemes:spiffy_calendar:1.3.0:*:*:*:*:wordpress:*:*", "matchCriteriaId": "39305F07-2412-4399-A0F9-E73A60E166FB", "vulnerable": true}, {"criteria": "cpe:2.3:a:sunnythemes:spiffy_calendar:1.3.1:*:*:*:*:wordpress:*:*", "matchCriteriaId": "71522FBE-957B-499E-8E0A-E72B92BEAD4E", "vulnerable": true}, {"criteria": "cpe:2.3:a:sunnythemes:spiffy_calendar:2.0.0:*:*:*:*:wordpress:*:*", "matchCriteriaId": "1CB51901-2BD8-46FE-B168-1BC34F60EC73", "vulnerable": true}, {"criteria": "cpe:2.3:a:sunnythemes:spiffy_calendar:2.0.1:*:*:*:*:wordpress:*:*", "matchCriteriaId": "83EB9CA8-6A72-4C8B-AAB9-8F988AFBCFC8", "vulnerable": true}, {"criteria": "cpe:2.3:a:sunnythemes:spiffy_calendar:2.1.0:*:*:*:*:wordpress:*:*", "matchCriteriaId": "1A46D334-F27A-4172-95DB-87676710CA3C", "vulnerable": true}, {"criteria": "cpe:2.3:a:sunnythemes:spiffy_calendar:2.1.1:*:*:*:*:wordpress:*:*", "matchCriteriaId": "C77BA87F-A6D4-4AD4-8809-008DA3AB3900", "vulnerable": true}, {"criteria": "cpe:2.3:a:sunnythemes:spiffy_calendar:2.1.2:*:*:*:*:wordpress:*:*", "matchCriteriaId": "0E577878-34D0-4BA3-BE25-EDF8561CB510", "vulnerable": true}, {"criteria": "cpe:2.3:a:sunnythemes:spiffy_calendar:2.1.3:*:*:*:*:wordpress:*:*", "matchCriteriaId": "89D1B1B6-1A3A-4A6A-B0B3-1BCFE9538571", "vulnerable": true}, {"criteria": "cpe:2.3:a:sunnythemes:spiffy_calendar:3.0.0:*:*:*:*:wordpress:*:*", "matchCriteriaId": "BC255E43-9EF6-4C39-A761-118971E01F31", "vulnerable": true}, {"criteria": "cpe:2.3:a:sunnythemes:spiffy_calendar:3.0.1:*:*:*:*:wordpress:*:*", "matchCriteriaId": "D6F8972B-3E0E-4913-8122-36E3444D7F40", "vulnerable": true}, {"criteria": "cpe:2.3:a:sunnythemes:spiffy_calendar:3.0.2:*:*:*:*:wordpress:*:*", "matchCriteriaId": "96DDE807-A788-410E-8260-DCF264AC476D", "vulnerable": true}, {"criteria": "cpe:2.3:a:sunnythemes:spiffy_calendar:3.0.3:*:*:*:*:wordpress:*:*", "matchCriteriaId": "49E4DA3E-47F3-40E5-B461-004EA68AA65C", "vulnerable": true}, {"criteria": "cpe:2.3:a:sunnythemes:spiffy_calendar:3.0.4:*:*:*:*:wordpress:*:*", "matchCriteriaId": "C9C04C0E-8FE1-4E87-AB18-30CB6CF30E88", "vulnerable": true}, {"criteria": "cpe:2.3:a:sunnythemes:spiffy_calendar:3.0.5:*:*:*:*:wordpress:*:*", "matchCriteriaId": "8252FE9F-5AAC-49CB-942F-FA3A56CABD85", "vulnerable": true}, {"criteria": "cpe:2.3:a:sunnythemes:spiffy_calendar:3.0.6:*:*:*:*:wordpress:*:*", "matchCriteriaId": "D473CCD0-BEA4-4EE0-94E8-A88C157C3AAC", "vulnerable": true}, {"criteria": "cpe:2.3:a:sunnythemes:spiffy_calendar:3.0.7:*:*:*:*:wordpress:*:*", "matchCriteriaId": "99AA5CF4-183D-43AE-B7BC-4C25334E0DA0", "vulnerable": true}, {"criteria": "cpe:2.3:a:sunnythemes:spiffy_calendar:3.0.8:*:*:*:*:wordpress:*:*", "matchCriteriaId": "70F92E8E-F523-46BC-9533-4CD3419708E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:sunnythemes:spiffy_calendar:3.1.0:*:*:*:*:wordpress:*:*", "matchCriteriaId": "0E64E631-BAB1-4B44-A903-857A6867D9B0", "vulnerable": true}, {"criteria": "cpe:2.3:a:sunnythemes:spiffy_calendar:3.1.1:*:*:*:*:wordpress:*:*", "matchCriteriaId": "BF5B4727-50D6-4B83-8312-424BAF042B4A", "vulnerable": true}, {"criteria": "cpe:2.3:a:sunnythemes:spiffy_calendar:3.1.2:*:*:*:*:wordpress:*:*", "matchCriteriaId": "14813E8C-241B-42FA-AD2C-987B9A2BA792", "vulnerable": true}, {"criteria": "cpe:2.3:a:sunnythemes:spiffy_calendar:3.1.3:*:*:*:*:wordpress:*:*", "matchCriteriaId": "3EF26C4F-0F25-400E-A21D-69E98C9E0F92", "vulnerable": true}, {"criteria": "cpe:2.3:a:sunnythemes:spiffy_calendar:3.1.4:*:*:*:*:wordpress:*:*", "matchCriteriaId": "459555CA-2058-4692-9731-13894404685E", "vulnerable": true}, {"criteria": "cpe:2.3:a:sunnythemes:spiffy_calendar:3.1.5:*:*:*:*:wordpress:*:*", "matchCriteriaId": "D3DE567C-E274-4E64-AD9B-134381E50CEA", "vulnerable": true}, {"criteria": "cpe:2.3:a:sunnythemes:spiffy_calendar:3.2.0:*:*:*:*:wordpress:*:*", "matchCriteriaId": "F15F8FE3-56F3-43A4-BBED-66060D43BBC6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cross site scripting (XSS) vulnerability in the Spiffy Calendar plugin before 3.3.0 for WordPress allows remote attackers to inject arbitrary JavaScript via the yr parameter."}, {"lang": "es", "value": "Una vulnerabilidad de tipo cross-site scripting (XSS) en el plugin Spiffy Calendar anterior a versi\u00f3n 3.3.0 para WordPress, permite a los atacantes remotos inyectar JavaScript arbitrario por medio del par\u00e1metro yr."}], "id": "CVE-2017-9420", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-06-05T19:29:00.180", "references": [{"source": "cve@mitre.org", "tags": ["Product", "Vendor Advisory"], "url": "http://spiffycalendar.sunnythemes.com/version-3-3-0/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/98931"}, {"source": "cve@mitre.org", "url": "https://wpvulndb.com/vulnerabilities/8842"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product", "Vendor Advisory"], "url": "http://spiffycalendar.sunnythemes.com/version-3-3-0/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/98931"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://wpvulndb.com/vulnerabilities/8842"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}