Search

Find a vulnerability

Search criteria

    3 vulnerabilities found for Modern Events Calendar Lite by Webnus

    CVE-2022-30533 (GCVE-0-2022-30533)

    Vulnerability from nvd – Published: 2022-06-16 01:35 – Updated: 2024-08-03 06:48
    VLAI
    Summary
    Cross-site scripting vulnerability in Modern Events Calendar Lite versions prior to 6.3.0 allows remote an authenticated attacker to inject an arbitrary script via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Cross-site scripting
    Assigner
    References
    Impacted products
    Vendor Product Version
    Webnus Modern Events Calendar Lite Affected: versions prior to 6.3.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T06:48:36.370Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://webnus.net/modern-events-calendar/lite/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN04155116/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Modern Events Calendar Lite",
              "vendor": "Webnus",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 6.3.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting vulnerability in Modern Events Calendar Lite versions prior to 6.3.0 allows remote an authenticated attacker to inject an arbitrary script via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-site scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-16T01:35:18.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://webnus.net/modern-events-calendar/lite/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN04155116/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2022-30533",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Modern Events Calendar Lite",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 6.3.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Webnus"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting vulnerability in Modern Events Calendar Lite versions prior to 6.3.0 allows remote an authenticated attacker to inject an arbitrary script via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-site scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://webnus.net/modern-events-calendar/lite/",
                  "refsource": "MISC",
                  "url": "https://webnus.net/modern-events-calendar/lite/"
                },
                {
                  "name": "https://jvn.jp/en/jp/JVN04155116/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN04155116/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2022-30533",
        "datePublished": "2022-06-16T01:35:18.000Z",
        "dateReserved": "2022-05-26T00:00:00.000Z",
        "dateUpdated": "2024-08-03T06:48:36.370Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-30533 (GCVE-0-2022-30533)

    Vulnerability from cvelistv5 – Published: 2022-06-16 01:35 – Updated: 2024-08-03 06:48
    VLAI
    Summary
    Cross-site scripting vulnerability in Modern Events Calendar Lite versions prior to 6.3.0 allows remote an authenticated attacker to inject an arbitrary script via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Cross-site scripting
    Assigner
    References
    Impacted products
    Vendor Product Version
    Webnus Modern Events Calendar Lite Affected: versions prior to 6.3.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T06:48:36.370Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://webnus.net/modern-events-calendar/lite/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN04155116/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Modern Events Calendar Lite",
              "vendor": "Webnus",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 6.3.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting vulnerability in Modern Events Calendar Lite versions prior to 6.3.0 allows remote an authenticated attacker to inject an arbitrary script via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-site scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-16T01:35:18.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://webnus.net/modern-events-calendar/lite/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN04155116/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2022-30533",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Modern Events Calendar Lite",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 6.3.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Webnus"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting vulnerability in Modern Events Calendar Lite versions prior to 6.3.0 allows remote an authenticated attacker to inject an arbitrary script via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-site scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://webnus.net/modern-events-calendar/lite/",
                  "refsource": "MISC",
                  "url": "https://webnus.net/modern-events-calendar/lite/"
                },
                {
                  "name": "https://jvn.jp/en/jp/JVN04155116/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN04155116/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2022-30533",
        "datePublished": "2022-06-16T01:35:18.000Z",
        "dateReserved": "2022-05-26T00:00:00.000Z",
        "dateUpdated": "2024-08-03T06:48:36.370Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    JVNDB-2022-000041

    Vulnerability from jvndb - Published: 2022-06-01 13:39 - Updated:2024-06-18 10:42
    Severity
    Summary
    WordPress Plugin "Modern Events Calendar Lite" vulnerable to cross-site scripting
    Details
    WordPress Plugin "Modern Events Calendar Lite" provided by Webnus contains a stored cross-site scripting vulnerability (CWE-79). Tsutomu Aramaki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000041.html",
      "dc:date": "2024-06-18T10:42+09:00",
      "dcterms:issued": "2022-06-01T13:39+09:00",
      "dcterms:modified": "2024-06-18T10:42+09:00",
      "description": "WordPress Plugin \"Modern Events Calendar Lite\" provided by Webnus contains a stored cross-site scripting vulnerability (CWE-79).\r\n\r\nTsutomu Aramaki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000041.html",
      "sec:cpe": {
        "#text": "cpe:/a:webnus:modern_events_calendar_lite",
        "@product": "Modern Events Calendar Lite",
        "@vendor": "Webnus",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "4.0",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
          "@version": "2.0"
        },
        {
          "@score": "5.4",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2022-000041",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN04155116/index.html",
          "@id": "JVN#04155116",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2022-30533",
          "@id": "CVE-2022-30533",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-30533",
          "@id": "CVE-2022-30533",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-79",
          "@title": "Cross-site Scripting(CWE-79)"
        }
      ],
      "title": "WordPress Plugin \"Modern Events Calendar Lite\" vulnerable to cross-site scripting"
    }