The SpiderCalendar WordPress plugin through 1.5.65 does not sanitise and escape the callback parameter before outputting it back in the page via the window AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting issue.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2022-02-14T09:21:08

Updated: 2024-08-02T23:18:42.830Z

Reserved: 2022-01-13T00:00:00

Link: CVE-2022-0212

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2022-02-14T12:15:16.550

Modified: 2022-02-19T04:19:27.383

Link: CVE-2022-0212

cve-icon Redhat

No data.