CVE-2021-24510

🗓️ 13 Sep 2021 17:56:22Reported by WPScanType

cve🔗 web.nvd.nist.gov👁 61 Views🌐 WEB

The MF Gig Calendar WordPress plugin before 1.2 has a reflected Cross-Site Scripting issue

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2021-24510	13 Sep 202122:15	–	circl
CNNVD	WordPress plugin MF Gig Calendar 跨站脚本漏洞	13 Sep 202100:00	–	cnnvd
Cvelist	CVE-2021-24510 MF Gig Calendar < 1.2 - Reflected Cross-Site Scripting (XSS)	13 Sep 202117:56	–	cvelist
Nuclei	WordPress MF Gig Calendar <=1.1 - Cross-Site Scripting	7 Jun 202603:02	–	nuclei
NVD	CVE-2021-24510	13 Sep 202118:15	–	nvd
Prion	Cross site scripting	13 Sep 202118:15	–	prion
Positive Technologies	PT-2021-16032 · WordPress · Mf Gig Calendar	13 Sep 202100:00	–	ptsecurity
RedhatCVE	CVE-2021-24510	22 May 202518:24	–	redhatcve
wpexploit	MF Gig Calendar <= 1.1 - Reflected Cross-Site Scripting (XSS)	17 Aug 202100:00	–	wpexploit
WPVulnDB	MF Gig Calendar <= 1.1 - Reflected Cross-Site Scripting (XSS)	17 Aug 202100:00	–	wpvulndb

NVD

Vulners

Node

mf_gig_calendar_project mf_gig_calendarRange≤1.1wordpress

[
  {
    "vendor": "Unknown",
    "product": "MF Gig Calendar",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "1.2"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/715721b0-13a1-413a-864d-2380f38ecd39

Parameter	Position	Path	Description	CWE
id	query param	wp-admin/admin.php?page=mf_gig_calendar&action=edit&id=%22%3E%3Csvg%2Fonload%3Dalert%28%2FXSS%2F%29%3B%3E%3C%22	Reflected XSS in admin dashboard when editing an Event due to unsanitized output of id GET parameter	CWE-79

21 Nov 2024 05:53Current

6Medium risk

Vulners AI Score6

CVSS 24.3

CVSS 3.16.1

EPSS0.21147