CVE-2012-6527

Joedolson MY Calendar < 1.10.1 - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in the My Calendar plugin before 1.10.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

References (5)

[Exploit, Patch] http://plugins.trac.wordpress.org/changeset/490070/my-calendar

[Vendor Advisory] http://secunia.com/advisories/47579

[Product] http://wordpress.org/extend/plugins/my-calendar/changelog/

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/51539

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/72454

Scores

EPSS 0.0036

EPSS Percentile 57.5%

Details

CWE

CWE-79

Status published

Products (50)

joedolson/my_calendar < 1.10.1

joedolson/my_calendar

... and 40 more

Published Jan 31, 2013

Tracked Since Feb 18, 2026