CVE-2017-9420

MEDIUM

Spiffy Calendar <3.3.0 - XSS

Title source: llm

Description

Cross site scripting (XSS) vulnerability in the Spiffy Calendar plugin before 3.3.0 for WordPress allows remote attackers to inject arbitrary JavaScript via the yr parameter.

References (3)

Scores

CVSS v3 6.1
EPSS 0.0041
EPSS Percentile 61.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (40)
sunnythemes/spiffy_calendar
sunnythemes/spiffy_calendar
sunnythemes/spiffy_calendar
sunnythemes/spiffy_calendar
sunnythemes/spiffy_calendar
sunnythemes/spiffy_calendar
sunnythemes/spiffy_calendar
sunnythemes/spiffy_calendar
sunnythemes/spiffy_calendar
sunnythemes/spiffy_calendar
... and 30 more
Published Jun 05, 2017
Tracked Since Feb 18, 2026