Search
Find a vulnerability
Search criteria
3 vulnerabilities found for Modern Events Calendar Lite by Webnus
CVE-2022-30533 (GCVE-0-2022-30533)
Vulnerability from nvd – Published: 2022-06-16 01:35 – Updated: 2024-08-03 06:48
VLAI
Summary
Cross-site scripting vulnerability in Modern Events Calendar Lite versions prior to 6.3.0 allows remote an authenticated attacker to inject an arbitrary script via unspecified vectors.
Severity
No CVSS data available.
CWE
- Cross-site scripting
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://webnus.net/modern-events-calendar/lite/ | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN04155116/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Webnus | Modern Events Calendar Lite |
Affected:
versions prior to 6.3.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:48:36.370Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://webnus.net/modern-events-calendar/lite/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN04155116/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Modern Events Calendar Lite",
"vendor": "Webnus",
"versions": [
{
"status": "affected",
"version": "versions prior to 6.3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Modern Events Calendar Lite versions prior to 6.3.0 allows remote an authenticated attacker to inject an arbitrary script via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-16T01:35:18.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://webnus.net/modern-events-calendar/lite/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN04155116/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-30533",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Modern Events Calendar Lite",
"version": {
"version_data": [
{
"version_value": "versions prior to 6.3.0"
}
]
}
}
]
},
"vendor_name": "Webnus"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Modern Events Calendar Lite versions prior to 6.3.0 allows remote an authenticated attacker to inject an arbitrary script via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://webnus.net/modern-events-calendar/lite/",
"refsource": "MISC",
"url": "https://webnus.net/modern-events-calendar/lite/"
},
{
"name": "https://jvn.jp/en/jp/JVN04155116/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN04155116/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-30533",
"datePublished": "2022-06-16T01:35:18.000Z",
"dateReserved": "2022-05-26T00:00:00.000Z",
"dateUpdated": "2024-08-03T06:48:36.370Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-30533 (GCVE-0-2022-30533)
Vulnerability from cvelistv5 – Published: 2022-06-16 01:35 – Updated: 2024-08-03 06:48
VLAI
Summary
Cross-site scripting vulnerability in Modern Events Calendar Lite versions prior to 6.3.0 allows remote an authenticated attacker to inject an arbitrary script via unspecified vectors.
Severity
No CVSS data available.
CWE
- Cross-site scripting
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://webnus.net/modern-events-calendar/lite/ | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN04155116/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Webnus | Modern Events Calendar Lite |
Affected:
versions prior to 6.3.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:48:36.370Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://webnus.net/modern-events-calendar/lite/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN04155116/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Modern Events Calendar Lite",
"vendor": "Webnus",
"versions": [
{
"status": "affected",
"version": "versions prior to 6.3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Modern Events Calendar Lite versions prior to 6.3.0 allows remote an authenticated attacker to inject an arbitrary script via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-16T01:35:18.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://webnus.net/modern-events-calendar/lite/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN04155116/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-30533",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Modern Events Calendar Lite",
"version": {
"version_data": [
{
"version_value": "versions prior to 6.3.0"
}
]
}
}
]
},
"vendor_name": "Webnus"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Modern Events Calendar Lite versions prior to 6.3.0 allows remote an authenticated attacker to inject an arbitrary script via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://webnus.net/modern-events-calendar/lite/",
"refsource": "MISC",
"url": "https://webnus.net/modern-events-calendar/lite/"
},
{
"name": "https://jvn.jp/en/jp/JVN04155116/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN04155116/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-30533",
"datePublished": "2022-06-16T01:35:18.000Z",
"dateReserved": "2022-05-26T00:00:00.000Z",
"dateUpdated": "2024-08-03T06:48:36.370Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
JVNDB-2022-000041
Vulnerability from jvndb - Published: 2022-06-01 13:39 - Updated:2024-06-18 10:42
Severity
Summary
WordPress Plugin "Modern Events Calendar Lite" vulnerable to cross-site scripting
Details
WordPress Plugin "Modern Events Calendar Lite" provided by Webnus contains a stored cross-site scripting vulnerability (CWE-79).
Tsutomu Aramaki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000041.html",
"dc:date": "2024-06-18T10:42+09:00",
"dcterms:issued": "2022-06-01T13:39+09:00",
"dcterms:modified": "2024-06-18T10:42+09:00",
"description": "WordPress Plugin \"Modern Events Calendar Lite\" provided by Webnus contains a stored cross-site scripting vulnerability (CWE-79).\r\n\r\nTsutomu Aramaki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000041.html",
"sec:cpe": {
"#text": "cpe:/a:webnus:modern_events_calendar_lite",
"@product": "Modern Events Calendar Lite",
"@vendor": "Webnus",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "5.4",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2022-000041",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN04155116/index.html",
"@id": "JVN#04155116",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-30533",
"@id": "CVE-2022-30533",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-30533",
"@id": "CVE-2022-30533",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "WordPress Plugin \"Modern Events Calendar Lite\" vulnerable to cross-site scripting"
}