5 matches found
CVE-2021-24147
Unvalidated input and lack of output encoding in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not sanitise the miccomment field Notes on time when adding/editing an event, allowing users with privilege as low as author to add events with a Cross-Site Scripting...
CVE-2021-24147
creationtimestamp| type| source ---|---|--- 2023-11-09 15:39:01+00:00| seen| https://t.me/arpsyndicate/35...
CVE-2021-24147
Unvalidated input and lack of output encoding in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not sanitise the miccomment field Notes on time when adding/editing an event, allowing users with privilege as low as author to add events with a Cross-Site Scripting...
CVE-2021-24147
Unvalidated input and lack of output encoding in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not sanitise the miccomment field Notes on time when adding/editing an event, allowing users with privilege as low as author to add events with a Cross-Site Scripting...
CVE-2021-24147
The CVE-2021-24147 entry concerns the WordPress plugin Modern Events Calendar Lite (pre-5.16.5). Affected component: mic_comment field in event creation/editing; root cause is unvalidated input and lack of output encoding, enabling Cross-Site Scripting when events are viewed. Impact is since low-...