CVE-2017-9420

Published Jun 5, 2017
Last updated 8 years ago
CVSS medium 6.1
Overview

Description: Cross site scripting (XSS) vulnerability in the Spiffy Calendar plugin before 3.3.0 for WordPress allows remote attackers to inject arbitrary JavaScript via the yr parameter.
Source: cve@mitre.org
NVD status: Modified
Risk scores

CVSS 3.0

Type: Primary
Base score: 6.1
Impact score: 2.7
Exploitability score: 2.8
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Severity: MEDIUM
CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N
Weaknesses

nvd@nist.gov: CWE-79
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:sunnythemes:spiffy_calendar:1.0.0:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B48BA7E9-1C6A-4497-A4D6-54328F7BF932"
          },
          {
            "criteria": "cpe:2.3:a:sunnythemes:spiffy_calendar:1.0.1:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4B4A24B2-EF01-4A17-A6CF-813475D21227"
          },
          {
            "criteria": "cpe:2.3:a:sunnythemes:spiffy_calendar:1.0.2a:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "60EE3105-9B64-4F6B-B9F6-9C24098721FC"
          },
          {
            "criteria": "cpe:2.3:a:sunnythemes:spiffy_calendar:1.0.3:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "013E5373-DB1D-4755-886C-1B52CCA65F6A"
          },
          {
            "criteria": "cpe:2.3:a:sunnythemes:spiffy_calendar:1.1.0:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5885F052-6919-4BA8-9369-BF950BCA6C27"
          },
          {
            "criteria": "cpe:2.3:a:sunnythemes:spiffy_calendar:1.1.1:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "72EED180-74B8-4FEE-90D2-A92DA6F8A0C7"
          },
          {
            "criteria": "cpe:2.3:a:sunnythemes:spiffy_calendar:1.1.2:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2B9862E0-A08D-4A48-B21C-566FFF18BED3"
          },
          {
            "criteria": "cpe:2.3:a:sunnythemes:spiffy_calendar:1.1.3:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DAD97A2D-A21F-4063-832F-99031B313858"
          },
          {
            "criteria": "cpe:2.3:a:sunnythemes:spiffy_calendar:1.1.4:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5F470C95-E624-4891-B61E-475599994AB4"
          },
          {
            "criteria": "cpe:2.3:a:sunnythemes:spiffy_calendar:1.1.5:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E95096B1-5542-43CD-9B97-49C7F70CA23F"
          },
          {
            "criteria": "cpe:2.3:a:sunnythemes:spiffy_calendar:1.1.6:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2FC4484F-C0E2-4351-89FE-53EC17EA5AE0"
          },
          {
            "criteria": "cpe:2.3:a:sunnythemes:spiffy_calendar:1.1.7:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5EE2F989-D73F-49E4-A50A-2627CAC7ED26"
          },
          {
            "criteria": "cpe:2.3:a:sunnythemes:spiffy_calendar:1.1.8:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "125477F4-CBFC-4B5D-A671-0B06A4A35FB7"
          },
          {
            "criteria": "cpe:2.3:a:sunnythemes:spiffy_calendar:1.2.0:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "58FB758D-EC2B-4B2A-9A3D-FC62B9D0F016"
          },
          {
            "criteria": "cpe:2.3:a:sunnythemes:spiffy_calendar:1.2.1:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BB4825D9-F7A3-4F17-87A4-FB2BA700BF36"
          },
          {
            "criteria": "cpe:2.3:a:sunnythemes:spiffy_calendar:1.3.0:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "39305F07-2412-4399-A0F9-E73A60E166FB"
          },
          {
            "criteria": "cpe:2.3:a:sunnythemes:spiffy_calendar:1.3.1:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "71522FBE-957B-499E-8E0A-E72B92BEAD4E"
          },
          {
            "criteria": "cpe:2.3:a:sunnythemes:spiffy_calendar:2.0.0:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1CB51901-2BD8-46FE-B168-1BC34F60EC73"
          },
          {
            "criteria": "cpe:2.3:a:sunnythemes:spiffy_calendar:2.0.1:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "83EB9CA8-6A72-4C8B-AAB9-8F988AFBCFC8"
          },
          {
            "criteria": "cpe:2.3:a:sunnythemes:spiffy_calendar:2.1.0:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1A46D334-F27A-4172-95DB-87676710CA3C"
          },
          {
            "criteria": "cpe:2.3:a:sunnythemes:spiffy_calendar:2.1.1:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C77BA87F-A6D4-4AD4-8809-008DA3AB3900"
          },
          {
            "criteria": "cpe:2.3:a:sunnythemes:spiffy_calendar:2.1.2:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0E577878-34D0-4BA3-BE25-EDF8561CB510"
          },
          {
            "criteria": "cpe:2.3:a:sunnythemes:spiffy_calendar:2.1.3:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "89D1B1B6-1A3A-4A6A-B0B3-1BCFE9538571"
          },
          {
            "criteria": "cpe:2.3:a:sunnythemes:spiffy_calendar:3.0.0:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BC255E43-9EF6-4C39-A761-118971E01F31"
          },
          {
            "criteria": "cpe:2.3:a:sunnythemes:spiffy_calendar:3.0.1:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D6F8972B-3E0E-4913-8122-36E3444D7F40"
          },
          {
            "criteria": "cpe:2.3:a:sunnythemes:spiffy_calendar:3.0.2:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "96DDE807-A788-410E-8260-DCF264AC476D"
          },
          {
            "criteria": "cpe:2.3:a:sunnythemes:spiffy_calendar:3.0.3:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "49E4DA3E-47F3-40E5-B461-004EA68AA65C"
          },
          {
            "criteria": "cpe:2.3:a:sunnythemes:spiffy_calendar:3.0.4:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C9C04C0E-8FE1-4E87-AB18-30CB6CF30E88"
          },
          {
            "criteria": "cpe:2.3:a:sunnythemes:spiffy_calendar:3.0.5:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8252FE9F-5AAC-49CB-942F-FA3A56CABD85"
          },
          {
            "criteria": "cpe:2.3:a:sunnythemes:spiffy_calendar:3.0.6:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D473CCD0-BEA4-4EE0-94E8-A88C157C3AAC"
          },
          {
            "criteria": "cpe:2.3:a:sunnythemes:spiffy_calendar:3.0.7:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "99AA5CF4-183D-43AE-B7BC-4C25334E0DA0"
          },
          {
            "criteria": "cpe:2.3:a:sunnythemes:spiffy_calendar:3.0.8:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "70F92E8E-F523-46BC-9533-4CD3419708E6"
          },
          {
            "criteria": "cpe:2.3:a:sunnythemes:spiffy_calendar:3.1.0:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0E64E631-BAB1-4B44-A903-857A6867D9B0"
          },
          {
            "criteria": "cpe:2.3:a:sunnythemes:spiffy_calendar:3.1.1:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BF5B4727-50D6-4B83-8312-424BAF042B4A"
          },
          {
            "criteria": "cpe:2.3:a:sunnythemes:spiffy_calendar:3.1.2:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "14813E8C-241B-42FA-AD2C-987B9A2BA792"
          },
          {
            "criteria": "cpe:2.3:a:sunnythemes:spiffy_calendar:3.1.3:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3EF26C4F-0F25-400E-A21D-69E98C9E0F92"
          },
          {
            "criteria": "cpe:2.3:a:sunnythemes:spiffy_calendar:3.1.4:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "459555CA-2058-4692-9731-13894404685E"
          },
          {
            "criteria": "cpe:2.3:a:sunnythemes:spiffy_calendar:3.1.5:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D3DE567C-E274-4E64-AD9B-134381E50CEA"
          },
          {
            "criteria": "cpe:2.3:a:sunnythemes:spiffy_calendar:3.2.0:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F15F8FE3-56F3-43A4-BBED-66060D43BBC6"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References
