CVE-2022-4455

Name of the Vulnerable Software and Affected Versions sproctor php-calendar (affected versions not specified)

Description A problematic vulnerability was found in sproctor php-calendar, affecting an unknown part of the file index.php. The manipulation of the argument $ SERVER['PHP SELF'] leads to cross site scripting. It is possible to initiate the attack remotely.

Recommendations To fix this issue, it is recommended to apply a patch with the name a2941109b42201c19733127ced763e270a357809. As a temporary workaround, consider restricting access to the index.php file until the patch is applied. Additionally, avoid using the $ SERVER['PHP SELF'] argument in the affected file until the issue is resolved.