Proof of Concept
In order to replay the attack, use the link below.
Update to the latest version of the Spiffy Calendar plug-in.
- 02/06/2017 – Contact with the vendor
- 02/06/2017 – Vendor replied back and immediately fixed the vulnerability
- 05/06/2017 – Public Disclosure