CVE-2022-4455
low-risk
Published 2022-12-13
A vulnerability was identified in sproctor php-calendar up to 2.0.13. It affects an unknown function of the file index.php. Manipulation of the argument $_SERVER['PHP_SELF'] leads to cross-site scripting. The attack may be launched remotely. The patch is named a2941109b42201c19733127ced763e270a357809. Applying the patch is advised to correct this issue.
Do I need to act?
0.24% chance of exploitation
EPSS score — low exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 3.5/10
Low
NETWORK / LOW complexity
Affected Products (1)
Php-Calendar
Affected Vendors
References (5)
Third Party Advisory
https://vuldb.com/?id.215445
22 / 100 (low-risk)
Severity
16/34 · Moderate
Exploitability
1/34 · Minimal
Exposure
5/34 · Minimal