CVE-2022-4455

Summary

A vulnerability was identified in sproctor php-calendar up to 2.0.13. This impacts an unknown function of the file index.php. Such manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. The attack may be launched remotely. The name of the patch is a2941109b42201c19733127ced763e270a357809. It is advisable to implement a patch to correct this issue.

Affected Software

VendorProductVersion RangeStatus
sproctorphp-calendar2.0.0affected
sproctorphp-calendar2.0.1affected
sproctorphp-calendar2.0.2affected
sproctorphp-calendar2.0.3affected
sproctorphp-calendar2.0.4affected
sproctorphp-calendar2.0.5affected
sproctorphp-calendar2.0.6affected
sproctorphp-calendar2.0.7affected
sproctorphp-calendar2.0.8affected
sproctorphp-calendar2.0.9affected
sproctorphp-calendar2.0.10affected
sproctorphp-calendar2.0.11affected
sproctorphp-calendar2.0.12affected
sproctorphp-calendar2.0.13affected

Weaknesses

  • CWE-79: Cross Site Scripting
  • CWE-94: Code Injection

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References