CVE-2021-42078
Last modified
CVE-2021-42078 is a medium-severity vulnerability rated 6.1/10 on the CVSS scale. PHP Event Calendar through 2021-11-04 allows persistent cross-site scripting (XSS), as demonstrated by the /server/ajax/events_manager.php title parameter. This can be exploited by an adversary in multiple ways, e.g., to perform actions on the page in the context of other users, or to deface the site.. EPSS estimates a 0.86% chance of exploitation in the next 30 days.
Description
PHP Event Calendar through 2021-11-04 allows persistent cross-site scripting (XSS), as demonstrated by the /server/ajax/events_manager.php title parameter. This can be exploited by an adversary in multiple ways, e.g., to perform actions on the page in the context of other users, or to deface the site.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Php Event Calendar Project | Php Event Calendar | 2021-11-04 |
References
- http://seclists.org/fulldisclosure/2021/Nov/24Exploit, Mailing List, Third Party Advisory
- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-049.txtExploit, Third Party Advisory
- http://seclists.org/fulldisclosure/2021/Nov/24Exploit, Mailing List, Third Party Advisory
- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-049.txtExploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2021-42078?
How severe is CVE-2021-42078?
How do I fix CVE-2021-42078?
Are you affected by CVE-2021-42078?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST