CVE-2022-4455

A vulnerability was identified in sproctor php-calendar up to 2.0.13. This impacts an unknown function of the file index.php. Such manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. The attack may be launched remotely. The name of the patch is a2941109b42201c19733127ced763e270a357809. It is advisable to implement a patch to correct this issue.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.5 LOW
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
VulDBCNA
3.5 LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:X/RL:O/RC:C
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 47%
VendorProductVersion
php-calendarphp-calendar
𝑥
< 2022-04-28
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
php-calendar
kinetic
dne
jammy
dne
focal
dne
bionic
dne
xenial
ignored
trusty
ignored
Common Weakness Enumeration
References
https://github.com/sproctor/php-calendar/commit/a2941109b42201c19733127ced763e270a357809
https://vuldb.com/?ctiid.215445
https://vuldb.com/?id.215445
https://github.com/sproctor/php-calendar/commit/a2941109b42201c19733127ced763e270a357809
https://vuldb.com/?id.215445