CVE-2022-4455 MEDIUM

CVE-2022-4455: sproctor php-calendar index.php cross site scripting

Vendor Sproctor
Product php-calendar
Weakness CWE-79 · XSS
Published December 13, 2022
Last update December 15, 2025
View on NVD All CVEs

CVSS base score

5.1/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X

What the vulnerability does

01Description

A vulnerability was identified in sproctor php-calendar up to 2.0.13. This impacts an unknown function of the file index.php. Such manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. The attack may be launched remotely. The name of the patch is a2941109b42201c19733127ced763e270a357809. It is advisable to implement a patch to correct this issue.

Key dates

02Disclosure timeline

December 13, 2022 CVE published
December 15, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-36185 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) CVE-2021-38338 Border Loading Bar <= 1.0.1 Reflected Cross-Site Scripting CVE-2024-13582 Simple Pricing Tables For WPBakery Page Builder(Formerly Visual Composer) <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2026-1838 Hostel <= 1.1.6 - Reflected Cross-Site Scripting via 'shortcode_id' Parameter CVE-2024-1500 Royal Elementor Addons and Templates <= 1.3.91 - Authenticated (Contributor+) Stored Cross-Site Scripting via Logo Widget