WordPress Spider Calendar Plugin Cross Site Scripting Vulnerability Network Vulnerability

Summary

This host is running WordPress Spider Calendar Plugin and is prone to cross site scripting vulnerability.

Impact

Successful exploitation could allow attackers to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. Impact Level: Application

Solution

Update to version 1.1.3 or later, For updates refer to http://wordpress.org/extend/plugins/spider-calendar

Insight

Input passed via the 'date' parameter to 'front_end/spidercalendarbig.php' is not properly sanitised before being returned to the user.

Affected

WordPress Spider Calendar Plugin version 1.0.1

References

http://packetstormsecurity.org/files/117078/WordPress-Spider-1.0.1-SQL-Injection-XSS.html
http://secunia.com/advisories/50812
http://www.exploit-db.com/exploits/21715/
http://xforce.iss.net/xforce/xfdb/79042

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

123 Flash Chat Multiple Security Vulnerabilities
Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
Apache Archiva Cross Site Request Forgery Vulnerability

Take action and discover your vulnerabilities