Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2012-4242 — Cross-site Scripting in GIG Calendar Project MF GIG Calendar

CWE-79 — Cross-site Scripting6 documents6 sources

Severity

4.3MEDIUMNVD

EPSS

8.0%

top 7.88%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

MF GIG Calendar Project MF GIG Calendar

Timeline

PublishedOct 1

Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in the MF Gig Calendar plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the calendar page.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDmf_gig_calendar_project/mf_gig_calendar0.9.2

🔴Vulnerability Details

GHSA

GHSA-gwmc-cj2r-4xqg: Cross-site scripting (XSS) vulnerability in the MF Gig Calendar plugin 0↗2022-05-17

▶

CVEList

CVE-2012-4242: Cross-site scripting (XSS) vulnerability in the MF Gig Calendar plugin 0↗2012-10-01

▶

💥Exploits & PoCs

Exploit-DB

WordPress Plugin MF Gig Calendar - Cross-Site Scripting↗2012-09-20

▶

Nuclei

WordPress Plugin MF Gig Calendar 0.9.2 - Cross-Site Scripting

▶