4 matches found
CVE-2021-24604
The Availability Calendar WordPress plugin before 1.2.2 does not sanitise or escape its Category Names before outputting them in page/post where the associated shortcode is embed, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed...
CVE-2021-24604
The Availability Calendar WordPress plugin before 1.2.2 does not sanitise or escape its Category Names before outputting them in page/post where the associated shortcode is embed, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed...
CVE-2021-24604
The CVE-2021-24604 affects the Availability Calendar WordPress plugin (pre-1.2.2). The root cause is failure to sanitize/escape Category Names before they are output in pages/posts using the related shortcode, enabling authenticated, high-privilege users to perform cross-site scripting (XSS). The...
CVE-2021-24604 Availability Calendar < 1.2.2 - Authenticated Stored Cross-Site Scripting
The Availability Calendar WordPress plugin before 1.2.2 does not sanitise or escape its Category Names before outputting them in page/post where the associated shortcode is embed, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed...