Lucene search
+L

4 matches found

redhatcve
redhatcve
added 2025/05/22 6:24 p.m.9 views

CVE-2021-24604

The Availability Calendar WordPress plugin before 1.2.2 does not sanitise or escape its Category Names before outputting them in page/post where the associated shortcode is embed, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed...

4.8CVSS6.2AI score0.00617EPSS
Exploits2References1
nvd
nvd
added 2021/09/20 10:15 a.m.20 views

CVE-2021-24604

The Availability Calendar WordPress plugin before 1.2.2 does not sanitise or escape its Category Names before outputting them in page/post where the associated shortcode is embed, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed...

4.8CVSS0.00617EPSS
Exploits2References1
cve
cve
added 2021/09/20 10:6 a.m.51 views

CVE-2021-24604

The CVE-2021-24604 affects the Availability Calendar WordPress plugin (pre-1.2.2). The root cause is failure to sanitize/escape Category Names before they are output in pages/posts using the related shortcode, enabling authenticated, high-privilege users to perform cross-site scripting (XSS). The...

4.8CVSS5AI score0.00617EPSS
Exploits2References1Affected Software1
cvelist
cvelist
added 2021/09/20 10:6 a.m.23 views

CVE-2021-24604 Availability Calendar < 1.2.2 - Authenticated Stored Cross-Site Scripting

The Availability Calendar WordPress plugin before 1.2.2 does not sanitise or escape its Category Names before outputting them in page/post where the associated shortcode is embed, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed...

5.2AI score0.00617EPSS
Exploits2References1
Rows per page
Query Builder