CVE-2017-9420 – Spiffy Calendar < 3.3.0 - Reflected Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2017-9420

02 Jun 2017 — Cross site scripting (XSS) vulnerability in the Spiffy Calendar plugin before 3.3.0 for WordPress allows remote attackers to inject arbitrary JavaScript via the yr parameter. Una vulnerabilidad de tipo cross-site scripting (XSS) en el plugin Spiffy Calendar anterior a versión 3.3.0 para WordPress, permite a los atacantes remotos inyectar JavaScript arbitrario por medio del parámetro yr. • http://spiffycalendar.sunnythemes.com/version-3-3-0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •