Multiple cross-site scripting (XSS) vulnerabilities in vncal.js.php in the VN-Calendar plugin 1.0 and previous versions for WordPress allow remote malicious users to inject arbitrary web script or HTML via the (1) fs or (2) w parameter.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
vn-calendar project vn-calendar |