MidnightBSD

Advisories for sunnythemes

CVE-2017-9420 MEDIUM

Cross site scripting (XSS) vulnerability in the Spiffy Calendar plugin before 3.3.0 for WordPress allows remote attackers to inject arbitrary JavaScript via the yr parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
sunnythemes spiffy_calendar 2.0.1
sunnythemes spiffy_calendar 2.1.3
sunnythemes spiffy_calendar 3.0.6
sunnythemes spiffy_calendar 3.0.4
sunnythemes spiffy_calendar 3.0.0
sunnythemes spiffy_calendar 1.1.0
sunnythemes spiffy_calendar 1.1.4
sunnythemes spiffy_calendar 1.2.1
sunnythemes spiffy_calendar 1.1.6
sunnythemes spiffy_calendar 3.1.4
sunnythemes spiffy_calendar 1.3.1
sunnythemes spiffy_calendar 1.1.2
sunnythemes spiffy_calendar 3.2.0
sunnythemes spiffy_calendar 1.1.8
sunnythemes spiffy_calendar 1.0.0
sunnythemes spiffy_calendar 2.0.0
sunnythemes spiffy_calendar 1.1.1
sunnythemes spiffy_calendar 1.0.2a
sunnythemes spiffy_calendar 3.0.3
sunnythemes spiffy_calendar 1.0.1
sunnythemes spiffy_calendar 3.1.5
sunnythemes spiffy_calendar 3.0.2
sunnythemes spiffy_calendar 3.1.1
sunnythemes spiffy_calendar 3.1.3
sunnythemes spiffy_calendar 1.1.5
sunnythemes spiffy_calendar 2.1.1
sunnythemes spiffy_calendar 1.2.0
sunnythemes spiffy_calendar 1.1.3
sunnythemes spiffy_calendar 3.0.5
sunnythemes spiffy_calendar 3.0.8
sunnythemes spiffy_calendar 2.1.0
sunnythemes spiffy_calendar 3.1.0
sunnythemes spiffy_calendar 3.1.2
sunnythemes spiffy_calendar 2.1.2
sunnythemes spiffy_calendar 1.0.3
sunnythemes spiffy_calendar 1.1.7
sunnythemes spiffy_calendar 1.3.0
sunnythemes spiffy_calendar 3.0.1
sunnythemes spiffy_calendar 3.0.7