CVE-2021-42078 – PHP Event Calendar Lite Edition Cross Site Scripting

https://notcve.org/view.php?id=CVE-2021-42078

PHP Event Calendar through 2021-11-04 allows persistent cross-site scripting (XSS), as demonstrated by the /server/ajax/events_manager.php title parameter. This can be exploited by an adversary in multiple ways, e.g., to perform actions on the page in the context of other users, or to deface the site. PHP Event Calendar versiones hasta el 04-11-2021 permite un ataque de tipo cross-site scripting (XSS) persistente, como es demostrado por el parámetro de título /server/ajax/events_manager.php. Esto puede ser explotado por un adversario de múltiples maneras, por ejemplo, para llevar a cabo acciones en la página en el contexto de otros usuarios, o para desfigurar el sitio PHP Event Calendar Lite Edition suffers from a persistent cross site scripting vulnerability. • http://seclists.org/fulldisclosure/2021/Nov/24 https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-049.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •