CVE-2022-30533
published 2022-06-16CVE-2022-30533: Cross-site scripting vulnerability in Modern Events Calendar Lite versions prior to 6.3.0 allows remote an authenticated attacker to inject an arbitrary script…
PriorityP424medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
EPSS
0.53%
40.5th percentile
Cross-site scripting vulnerability in Modern Events Calendar Lite versions prior to 6.3.0 allows remote an authenticated attacker to inject an arbitrary script via unspecified vectors.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| webnus | modern_events_calendar_lite | < 6.3.0 | 6.3.0 |
| webnus | modern_events_calendar_lite | — | — |
CVSS provenance
nvdv3.15.4MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
nvdv2.03.5LOWAV:N/AC:M/Au:S/C:N/I:P/A:N
cisa6.5MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-2vhv-xj4g-f2fq: Cross-site scripting vulnerability in Modern Events Calendar Lite versions prior to 6
ghsa_unreviewed·2022-06-17
CVE-2022-30533 [MEDIUM] CWE-79 GHSA-2vhv-xj4g-f2fq: Cross-site scripting vulnerability in Modern Events Calendar Lite versions prior to 6
Cross-site scripting vulnerability in Modern Events Calendar Lite versions prior to 6.3.0 allows remote an authenticated attacker to inject an arbitrary script via unspecified vectors.
CISA
Google Chromium PopupBlocker Security Bypass Vulnerability
cisa·2022-06-27·CVSS 6.5
CVE-2021-30533 [MEDIUM] CWE-863 Google Chromium PopupBlocker Security Bypass Vulnerability
Vulnerability: Google Chromium PopupBlocker Security Bypass Vulnerability
Affected: Google Chromium PopupBlocker
Google Chromium PopupBlocker contains an insufficient policy enforcement vulnerability that allows a remote attacker to bypass navigation restrictions via a crafted iframe. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2021-30533
Remediation Due Date: 2022-07-18
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2022-06-16
Published