CVE-2021-42078
PHP Event Calendar Lite Edition Cross Site Scripting
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
PHP Event Calendar through 2021-11-04 allows persistent cross-site scripting (XSS), as demonstrated by the /server/ajax/events_manager.php title parameter. This can be exploited by an adversary in multiple ways, e.g., to perform actions on the page in the context of other users, or to deface the site.
PHP Event Calendar versiones hasta el 04-11-2021 permite un ataque de tipo cross-site scripting (XSS) persistente, como es demostrado por el parámetro de título /server/ajax/events_manager.php. Esto puede ser explotado por un adversario de múltiples maneras, por ejemplo, para llevar a cabo acciones en la página en el contexto de otros usuarios, o para desfigurar el sitio
PHP Event Calendar Lite Edition suffers from a persistent cross site scripting vulnerability.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-10-07 CVE Reserved
- 2021-11-05 CVE Published
- 2024-07-24 EPSS Updated
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (2)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| http://seclists.org/fulldisclosure/2021/Nov/24 | 2024-08-04 | |
| https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-049.txt | 2024-08-04 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Php Event Calendar Project Search vendor "Php Event Calendar Project" | Php Event Calendar Search vendor "Php Event Calendar Project" for product "Php Event Calendar" | 2021-11-04 Search vendor "Php Event Calendar Project" for product "Php Event Calendar" and version "2021-11-04" | lite |
Affected
| ||||||