Support » Plugin: The Events Calendar » [Plugin: The Events Calendar] Xss Vulnerabilitie

  • I recently scanned my site with goddaddy site scanner tool and it gives me some warnings i want to share. Is safe to use the plugin?

    Your website contains pages that do not properly sanitize visitor‑provided input to make sure it contains no malicious content or scripts. Cross‑site scripting vulnerabilities let malicious users execute arbitrary HTML or script code in another visitor’
    s browser.

    Risk Factor:
    Medium / CVSS Base Score : 4.3(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)

    Restrict access to the vulnerable application. Contact the vendor for a patch or upgrade.

    Using the GET HTTP method, Site Scanner found that :
    + The following resources may be vulnerable to cross-site scripting (comprehensive test) :
    + The ‘EventJumpToYear’ parameter of the /events/category/conference CGI :
    ——– output ——–

    <b>Warning</b>: mktime() expects parameter 6 to be long, string g […]
    January <script>alert(203)</script>
    <form action=” […]

    The reports continue with more output blablabla, i think this is not a high risk but it would be great if someone can explain it to me.


    [ Please do not bump, it’s not permitted here. ]

  • The topic ‘[Plugin: The Events Calendar] Xss Vulnerabilitie’ is closed to new replies.