CVE-2017-9420: WordPress Spiffy Calendar v.3.2.0 Reflected Cross-Site Scripting (XSS)

Identification Date: 02/06/2017
Vendor Homepage: http://spiffycalendar.sunnythemes.com/
Software Link: https://wordpress.org/plugins/spiffy-calendar

Description

This version of the Spiffy Calendar plug-in is vulnerable to a Reflected Cross-Site Scripting vulnerability in the “yr” parameter due to the lack of proper input handling of the user’s data. An attacker can execute arbitrary JavaScript using a specially crafted URL. Thus, when the victim clicks on the…
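An added example, not the plug-in's own code and not taken from the advisory: because “yr” is a calendar year, it can be parsed as a bounded integer before it reaches any output, which holds whatever HTML context the value is echoed into. The function names, the 1970-2100 range and the /calendar/ path are assumptions; the excerpt does not show where the plug-in reflects the value.

```php
<?php
// Added example with hypothetical helper names; not Spiffy Calendar code.

/**
 * Parse the "yr" query value as a calendar year.
 * Returns the integer year, or $default when the value is missing or is
 * anything other than a plain integer inside the accepted range.
 */
function parse_year_param(array $query, int $default, int $min = 1970, int $max = 2100): int
{
    if (!isset($query['yr']) || !is_string($query['yr'])) {
        return $default; // missing, or an array such as ?yr[]=2017
    }
    $year = filter_var($query['yr'], FILTER_VALIDATE_INT, [
        'options' => ['min_range' => $min, 'max_range' => $max],
    ]);
    return $year === false ? $default : $year;
}

/**
 * Build a "next year" navigation link from an already validated year.
 * Output is still escaped for the attribute and text contexts, so the link
 * stays safe even if a later change lets a non-integer through.
 */
function render_year_link(string $base_url, int $year): string
{
    $next = $year + 1;
    $href = $base_url . '?' . http_build_query(['yr' => $next]);
    return '<a href="' . htmlspecialchars($href, ENT_QUOTES, 'UTF-8') . '">'
         . htmlspecialchars((string) $next, ENT_QUOTES, 'UTF-8') . '</a>';
}

// Constructed sample query arrays (stand-ins for $_GET).
$samples = [
    ['yr' => '2017'],             // well-formed year
    ['yr' => '2017"><b>x</b>'],   // markup appended: rejected, default used
    ['yr' => ['2017']],           // array instead of string: rejected
    [],                           // parameter absent
];

foreach ($samples as $query) {
    $year = parse_year_param($query, 2017);
    echo render_year_link('/calendar/', $year), PHP_EOL;
}
```

Inside WordPress itself, `absint()` and `esc_attr()` / `esc_url()` are the core helpers for the same two steps.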
