Lucene search

K
prionPRIOn knowledge basePRION:CVE-2021-24927
HistoryNov 29, 2021 - 9:15 a.m.

Cross site scripting

2021-11-2909:15:00
PRIOn knowledge base
www.prio-n.com
1

0.001 Low

EPSS

Percentile

24.8%

The My Calendar WordPress plugin before 3.2.18 does not sanitise and escape the callback parameter of the mc_post_lookup AJAX action (available to any authenticated user) before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue

CPENameOperatorVersion
my_calendarlt3.2.18

0.001 Low

EPSS

Percentile

24.8%

Related for PRION:CVE-2021-24927