Cross site scripting

2021-09-2010:15:00

PRIOn knowledge base

www.prio-n.com

0.001 Low

EPSS

Percentile

24.9%

JSON

The Availability Calendar WordPress plugin before 1.2.2 does not sanitise or escape its Category Names before outputting them in page/post where the associated shortcode is embed, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed

CPENameOperatorVersion
availability_calendarlt1.2.2

CPE	Name	Operator	Version
	availability_calendar	lt	1.2.2

References

wpscan.com/vulnerability/d084c5b1-45f1-4e7e-b3e9-3c98ae4bce9c

0.001 Low

EPSS

Percentile

24.9%

JSON

Related for PRION:CVE-2021-24604