CVE-2017-9420 – Spiffy Calendar < 3.3.0 - Reflected Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2017-9420

Cross site scripting (XSS) vulnerability in the Spiffy Calendar plugin before 3.3.0 for WordPress allows remote attackers to inject arbitrary JavaScript via the yr parameter. Una vulnerabilidad de tipo cross-site scripting (XSS) en el plugin Spiffy Calendar anterior a versión 3.3.0 para WordPress, permite a los atacantes remotos inyectar JavaScript arbitrario por medio del parámetro yr. • http://spiffycalendar.sunnythemes.com/version-3-3-0 http://www.securityfocus.com/bid/98931 https://wpvulndb.com/vulnerabilities/8842 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •