CVE-2012-4242

Name of the Vulnerable Software and Affected Versions MF Gig Calendar plugin version 0.9.2

Description The issue allows remote attackers to inject arbitrary web script or HTML via the query string to the calendar page, which is a cross-site scripting (XSS) vulnerability. This enables attackers to execute malicious scripts on the client-side.

Recommendations For MF Gig Calendar plugin version 0.9.2, consider disabling access to the calendar page until a patch is available. As a temporary workaround, restrict user input in the query string to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.