Lucene search
Krzysztof ZającWPEX-ID:86F3ACC7-8902-4215-BD75-6105D601524EHistoryNov 01, 2021 - 12:00 a.m.
My Calendar < 3.2.18 - Subscriber+ Reflected Cross-Site Scripting
2021-11-0100:00:00
Krzysztof Zając
227
0.001 Low
EPSS
Percentile
24.8%
The plugin does not sanitise and escape the callback parameter of the mc_post_lookup AJAX action (available to any authenticated user) before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue
https://example.com/wp-admin/admin-ajax.php?action=mc_post_lookup&term=hop&callback=%3Cimg/src/onerror=alert(/XSS/)%3E
Related
cvelist
cvelist
nvd
nvd
CVE-2021-24927
2021-11-29 09:15:08
wpvulndb
wpvulndb
My Calendar < 3.2.18 - Subscriber+ Reflected Cross-Site Scripting
2021-11-01 00:00:00
prion
prion
Cross site scripting
2021-11-29 09:15:00
cve
cve
CVE-2021-24927
2021-11-29 09:15:08
cnvd
cnvd
WordPress Plugin Cross-Site Scripting Vulnerability (CNVD-2021-102402)
2021-12-01 00:00:00