CVE-2022-30533 — Cross-site Scripting in Modern Events Calendar Lite

CWE-79 — Cross-site Scripting CWE-863 — Incorrect Authorization4 documents4 sources

Severity

5.4MEDIUMNVD

CISA6.5

EPSS

0.2%

top 62.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Webnus Modern Events Calendar Lite

Timeline

PublishedJun 16

Latest updateJun 27

Description

Cross-site scripting vulnerability in Modern Events Calendar Lite versions prior to 6.3.0 allows remote an authenticated attacker to inject an arbitrary script via unspecified vectors.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶NVDwebnus/modern_events_calendar_lite< 6.3.0

▶CVEListV5webnus/modern_events_calendar_liteversions prior to 6.3.0

🔴Vulnerability Details

GHSA

GHSA-2vhv-xj4g-f2fq: Cross-site scripting vulnerability in Modern Events Calendar Lite versions prior to 6↗2022-06-17

▶

CVEList

CVE-2022-30533: Cross-site scripting vulnerability in Modern Events Calendar Lite versions prior to 6↗2022-06-16

▶

📋Vendor Advisories

CISA

Google Chromium PopupBlocker Security Bypass Vulnerability↗2022-06-27

▶