WordPress Spider Calendar Plugin Cross Site Scripting Vulnerability Network Vulnerability

Summary

This host is running WordPress Spider Calendar Plugin and is prone to cross site scripting vulnerability.

Impact

Successful exploitation could allow attackers to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. Impact Level: Application

Solution

Update to version 1.1.3 or later, For updates refer to http://wordpress.org/extend/plugins/spider-calendar

Insight

Input passed via the 'date' parameter to 'front_end/spidercalendarbig.php' is not properly sanitised before being returned to the user.

Affected

WordPress Spider Calendar Plugin version 1.0.1

References

http://packetstormsecurity.org/files/117078/WordPress-Spider-1.0.1-SQL-Injection-XSS.html
http://secunia.com/advisories/50812
http://www.exploit-db.com/exploits/21715/
http://xforce.iss.net/xforce/xfdb/79042

Updated on 2015-03-25

Severity

Classification

CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache Archiva Home Page Cross-Site Scripting vulnerability
Apache Open For Business HTML injection vulnerability
AdaptCMS Lite Cross Site Scripting and Remote File Include Vulnerabilities
Apache Web Server ETag Header Information Disclosure Weakness
Apache ActiveMQ Source Code Information Disclosure Vulnerability

Take action and discover your vulnerabilities