Summary
This host is running WordPress Spider Calendar Plugin and is prone to cross site scripting vulnerability.
Impact
Successful exploitation could allow attackers to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
Impact Level: Application
Solution
Update to version 1.1.3 or later,
For updates refer to http://wordpress.org/extend/plugins/spider-calendar
Insight
Input passed via the 'date' parameter to 'front_end/spidercalendarbig.php' is not properly sanitised before being returned to the user.
Affected
WordPress Spider Calendar Plugin version 1.0.1
References
Severity
Classification
-
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
- Apache Archiva Cross Site Request Forgery Vulnerability
- Apache Subversion Module Metadata Accessible
- Apache ActiveMQ Source Code Information Disclosure Vulnerability
- Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability