Lucene search

K
cvelistWPScanCVELIST:CVE-2021-24498
HistoryAug 02, 2021 - 10:32 a.m.

CVE-2021-24498 Calendar Event Multi View < 1.4.01 - Unauthenticated Reflected Cross-Site Scripting (XSS)

2021-08-0210:32:28
CWE-79
WPScan
www.cve.org

0.002 Low

EPSS

Percentile

54.2%

The Calendar Event Multi View WordPress plugin before 1.4.01 does not sanitise or escape the ‘start’ and ‘end’ GET parameters before outputting them in the page (via php/edit.php), leading to a reflected Cross-Site Scripting issue.

CNA Affected

[
  {
    "product": "Calendar Event Multi View",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "1.4.01",
        "status": "affected",
        "version": "1.4.01",
        "versionType": "custom"
      }
    ]
  }
]

0.002 Low

EPSS

Percentile

54.2%

Related for CVELIST:CVE-2021-24498