Unrated severityNVD Advisory· Published Dec 13, 2022· Updated Dec 15, 2025

sproctor php-calendar index.php cross site scripting

CVE-2022-4455

Description

A vulnerability was identified in sproctor php-calendar up to 2.0.13. This impacts an unknown function of the file index.php. Such manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. The attack may be launched remotely. The name of the patch is a2941109b42201c19733127ced763e270a357809. It is advisable to implement a patch to correct this issue.

Affected products

Sproctor/PHP Calendarv5
Range: 2.0.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/sproctor/php-calendar/commit/a2941109b42201c19733127ced763e270a357809mitrepatch
vuldb.commitresignaturepermissions-required
vuldb.commitrevdb-entrytechnical-description

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000