CVE-2022-0364

CWE-79Cross-site Scripting (XSS)3 documents3 sources
Severity
5.4MEDIUM
EPSS
0.3%
top 49.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Unknown Modern Events Calendar LiteWebnus Modern Events Calendar Lite
Timeline
PublishedMar 21
Latest updateMar 22

Description

The Modern Events Calendar Lite WordPress plugin before 6.4.0 does not sanitize and escape some of the Hourly Schedule parameters which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

CVEListV5unknown/modern_events_calendar_lite6.4.06.4.0

🔴Vulnerability Details

2
GHSA
GHSA-wx62-47v6-8crm: The Modern Events Calendar Lite WordPress plugin before 62022-03-22
CVEList
Modern Events Calendar Lite < 6.4.0 - Contributor+ Stored Cross Site Scripting2022-03-21
CVE-2022-0364 (MEDIUM CVSS 5.4) | The Modern Events Calendar Lite Wor | cvebase.io