.. / CVE-2012-4242

Exploit for WordPress Plugin MF Gig Calendar 0.9.2 - Cross-Site Scripting (CVE-2012-4242)

Description:

A cross-site scripting vulnerability in the MF Gig Calendar plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the calendar page.

Nuclei Template

View the template here CVE-2012-4242.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2012/CVE-2012-4242.yaml

References:

http://www.reactionpenetrationtesting.co.uk/mf-gig-calendar-xss.html
https://github.com/d4n-sec/d4n-sec.github.io
https://github.com/ARPSyndicate/kenzer-templates
https://nvd.nist.gov/vuln/detail/CVE-2012-4242

.. / CVE-2012-4242 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for WordPress Plugin MF Gig Calendar 0.9.2 - Cross-Site Scripting (CVE-2012-4242)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2012-4242