CVE-2022-27848Cross-site Scripting in Modern Events Calendar Lite

CWE-79Cross-site Scripting3 documents3 sources
Severity
4.8MEDIUMNVD
CNA3.4
EPSS
0.2%
top 54.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Webnus Modern Events Calendar Lite
Timeline
PublishedApr 14
Latest updateApr 15

Description

Authenticated (admin+ user) Stored Cross-Site Scripting (XSS) in Modern Events Calendar Lite (WordPress plugin) <= 6.5.1

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-rq34-3jg9-wwp6: Authenticated (admin+ user) Stored Cross-Site Scripting (XSS) in Modern Events Calendar Lite (WordPress plugin) <= 62022-04-15
CVEList
WordPress Modern Events Calendar Lite plugin <= 6.5.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability2022-04-14
CVE-2022-27848 — Cross-site Scripting | cvebase