CVE-2017-9420

Опубликовано: 05 июн. 2017

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

Cross site scripting (XSS) vulnerability in the Spiffy Calendar plugin before 3.3.0 for WordPress allows remote attackers to inject arbitrary JavaScript via the yr parameter.

Ссылки

http://spiffycalendar.sunnythemes.com/version-3-3-0/
Product
Vendor Advisory
http://www.securityfocus.com/bid/98931
Third Party Advisory
VDB Entry
https://wpvulndb.com/vulnerabilities/8842
http://spiffycalendar.sunnythemes.com/version-3-3-0/
Product
Vendor Advisory
http://www.securityfocus.com/bid/98931
Third Party Advisory
VDB Entry
https://wpvulndb.com/vulnerabilities/8842

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:sunnythemes:spiffy_calendar:1.0.0:*:*:*:*:wordpress:*:*

cpe:2.3:a:sunnythemes:spiffy_calendar:1.0.1:*:*:*:*:wordpress:*:*

cpe:2.3:a:sunnythemes:spiffy_calendar:1.0.2a:*:*:*:*:wordpress:*:*

cpe:2.3:a:sunnythemes:spiffy_calendar:1.0.3:*:*:*:*:wordpress:*:*

cpe:2.3:a:sunnythemes:spiffy_calendar:1.1.0:*:*:*:*:wordpress:*:*

cpe:2.3:a:sunnythemes:spiffy_calendar:1.1.1:*:*:*:*:wordpress:*:*

cpe:2.3:a:sunnythemes:spiffy_calendar:1.1.2:*:*:*:*:wordpress:*:*

cpe:2.3:a:sunnythemes:spiffy_calendar:1.1.3:*:*:*:*:wordpress:*:*

cpe:2.3:a:sunnythemes:spiffy_calendar:1.1.4:*:*:*:*:wordpress:*:*

cpe:2.3:a:sunnythemes:spiffy_calendar:1.1.5:*:*:*:*:wordpress:*:*

cpe:2.3:a:sunnythemes:spiffy_calendar:1.1.6:*:*:*:*:wordpress:*:*

cpe:2.3:a:sunnythemes:spiffy_calendar:1.1.7:*:*:*:*:wordpress:*:*

cpe:2.3:a:sunnythemes:spiffy_calendar:1.1.8:*:*:*:*:wordpress:*:*

cpe:2.3:a:sunnythemes:spiffy_calendar:1.2.0:*:*:*:*:wordpress:*:*

cpe:2.3:a:sunnythemes:spiffy_calendar:1.2.1:*:*:*:*:wordpress:*:*

cpe:2.3:a:sunnythemes:spiffy_calendar:1.3.0:*:*:*:*:wordpress:*:*

cpe:2.3:a:sunnythemes:spiffy_calendar:1.3.1:*:*:*:*:wordpress:*:*

cpe:2.3:a:sunnythemes:spiffy_calendar:2.0.0:*:*:*:*:wordpress:*:*

cpe:2.3:a:sunnythemes:spiffy_calendar:2.0.1:*:*:*:*:wordpress:*:*

cpe:2.3:a:sunnythemes:spiffy_calendar:2.1.0:*:*:*:*:wordpress:*:*

cpe:2.3:a:sunnythemes:spiffy_calendar:2.1.1:*:*:*:*:wordpress:*:*

cpe:2.3:a:sunnythemes:spiffy_calendar:2.1.2:*:*:*:*:wordpress:*:*

cpe:2.3:a:sunnythemes:spiffy_calendar:2.1.3:*:*:*:*:wordpress:*:*

cpe:2.3:a:sunnythemes:spiffy_calendar:3.0.0:*:*:*:*:wordpress:*:*

cpe:2.3:a:sunnythemes:spiffy_calendar:3.0.1:*:*:*:*:wordpress:*:*

cpe:2.3:a:sunnythemes:spiffy_calendar:3.0.2:*:*:*:*:wordpress:*:*

cpe:2.3:a:sunnythemes:spiffy_calendar:3.0.3:*:*:*:*:wordpress:*:*

cpe:2.3:a:sunnythemes:spiffy_calendar:3.0.4:*:*:*:*:wordpress:*:*

cpe:2.3:a:sunnythemes:spiffy_calendar:3.0.5:*:*:*:*:wordpress:*:*

cpe:2.3:a:sunnythemes:spiffy_calendar:3.0.6:*:*:*:*:wordpress:*:*

cpe:2.3:a:sunnythemes:spiffy_calendar:3.0.7:*:*:*:*:wordpress:*:*

cpe:2.3:a:sunnythemes:spiffy_calendar:3.0.8:*:*:*:*:wordpress:*:*

cpe:2.3:a:sunnythemes:spiffy_calendar:3.1.0:*:*:*:*:wordpress:*:*

cpe:2.3:a:sunnythemes:spiffy_calendar:3.1.1:*:*:*:*:wordpress:*:*

cpe:2.3:a:sunnythemes:spiffy_calendar:3.1.2:*:*:*:*:wordpress:*:*

cpe:2.3:a:sunnythemes:spiffy_calendar:3.1.3:*:*:*:*:wordpress:*:*

cpe:2.3:a:sunnythemes:spiffy_calendar:3.1.4:*:*:*:*:wordpress:*:*

cpe:2.3:a:sunnythemes:spiffy_calendar:3.1.5:*:*:*:*:wordpress:*:*

cpe:2.3:a:sunnythemes:spiffy_calendar:3.2.0:*:*:*:*:wordpress:*:*

EPSS

Процентиль: 61%

0.0041

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-h84p-c52m-8955