Summary
This host is running WordPress Spider Calendar Plugin and is prone to cross site scripting vulnerability.
Impact
Successful exploitation could allow attackers to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
Impact Level: Application
Solution
Update to version 1.1.3 or later,
For updates refer to http://wordpress.org/extend/plugins/spider-calendar
Insight
Input passed via the 'date' parameter to 'front_end/spidercalendarbig.php' is not properly sanitised before being returned to the user.
Affected
WordPress Spider Calendar Plugin version 1.0.1
References
Severity
Classification
-
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Apache Archiva Home Page Cross-Site Scripting vulnerability
- Apache Open For Business HTML injection vulnerability
- AdaptCMS Lite Cross Site Scripting and Remote File Include Vulnerabilities
- Apache Web Server ETag Header Information Disclosure Weakness
- Apache ActiveMQ Source Code Information Disclosure Vulnerability