2 matches found
CVE-2021-24606
CVE-2021-24606 affects the Availability Calendar WordPress plugin (before 1.2.1). The root cause is a failure to escape the category attribute in the shortcode before it is used in a SQL statement, resulting in an authenticated SQL injection vulnerability. Impact is that a user who can in...
CVE-2021-24604
CVE-2021-24604 affects the Availability Calendar WordPress plugin (pre-1.2.2). The root cause is a failure to sanitize/escape Category Names before they are output in pages/posts using the related shortcode, enabling authenticated, high-privilege users to perform cross-site scripting (XSS). The...