{"id":"CVE-2022-4455","details":"A vulnerability was identified in sproctor php-calendar up to 2.0.13. This impacts an unknown function of the file index.php. Such manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. The attack may be launched remotely. The name of the patch is a2941109b42201c19733127ced763e270a357809. It is advisable to implement a patch to correct this issue.","modified":"2026-04-10T04:52:35.635041Z","published":"2022-12-13T18:15:10.830Z","related":["CGA-2rx4-7wq8-5x53"],"references":[{"type":"WEB","url":"https://vuldb.com/?ctiid.215445"},{"type":"ADVISORY","url":"https://vuldb.com/?id.215445"},{"type":"FIX","url":"https://github.com/sproctor/php-calendar/commit/a2941109b42201c19733127ced763e270a357809"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/sproctor/php-calendar","events":[{"introduced":"0"},{"fixed":"a2941109b42201c19733127ced763e270a357809"}]},{"type":"GIT","repo":"https://github.com/sproctor/php-calendar","events":[{"introduced":"0"},{"fixed":"a2941109b42201c19733127ced763e270a357809"}]}],"versions":["2.0.10","2.0.6","2.0.8","v2.0","v2.0-rc2","v2.0-rc3","v2.0-rc4","v2.0-rc5","v2.0-rc6","v2.0-rc7","v2.0.1","v2.0.12","v2.0.13","v2.0.2","v2.0.3","v2.0.5","v2.0.9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-4455.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"2022-04-28"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}