Description

The MF Gig Calendar WordPress plugin before 1.2 does not sanitise and escape the id GET parameter before outputting back in the admin dashboard when editing an Event, leading to a reflected Cross-Site Scripting issue

Related CPE's

a

mf_gig_calendar_project

mf_gig_calendar

*

*

*

*

wordpress

Vulnerable

References

https://wpscan.com/vulnerability/715721b0-13a1-413a-864d-2380f38ecd39

Third Party Advisory

Weaknesses

Could not find any weaknesses

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.1 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2021-09-13T18:15:15.800

3 years ago

Last modified

2023-11-07T03:31:16.643

1 year ago