CVE-2012-4242

{"id": "CVE-2012-4242", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2012-10-01T23:55:01.440", "references": [{"url": "http://www.reactionpenetrationtesting.co.uk/mf-gig-calendar-xss.html", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/55622", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the MF Gig Calendar plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the calendar page."}, {"lang": "es", "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en el complemento MF Gig Calendar para WordPress, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de la cadena de consulta en la p\u00e1gina de calendario."}], "lastModified": "2023-08-03T02:18:52.920", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mf_gig_calendar_project:mf_gig_calendar:0.9.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DE4460DB-793E-493F-A217-9BFAF87866E2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:wordpress:wordpress:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A77EB0E7-7FA7-4232-97DF-7C7587D163F1"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}