CVSS 3.1 Score 5.4 of 10 (medium)


Published Dec 14, 2023
Updated: Dec 18, 2023


CVE-2023-49745 is a vulnerability categorized as CWE-79 (Improper Neutralization of Input During Web Page Generation) which allows for Cross-site Scripting (XSS) attacks. This vulnerability affects Spiffy Calendar versions from n/a through 4.9.5. The affected products include various versions of Spiffy Plugins and Spiffy Calendar. The potential danger to organizations is that an attacker could exploit this vulnerability to inject malicious scripts into web pages viewed by users, leading to unauthorized access, data theft, or other malicious actions. To remediate this vulnerability, it is recommended to update the affected software to a patched version provided by the vendor or implement appropriate security measures to mitigate XSS attacks.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-49745 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options