CVE-2021-24498
Calendar Event Multi View < 1.4.01 - Unauthenticated Reflected Cross-Site Scripting (XSS)
Vexday Risk Score
18Bajo
Decisión SSVC (CISA)
Attend
PoC disponible → seguir de cerca
CVSS —EPSS 3.1%KEV nãoPoC —Nuclei simMetasploit —Patch —
Ciclo de vida
02 ago 2021Publicada en NVD
Recomendación: Planificar corrección próxima — ya existe PoC pública.
The Calendar Event Multi View WordPress plugin before 1.4.01 does not sanitise or escape the 'start' and 'end' GET parameters before outputting them in the page (via php/edit.php), leading to a reflected Cross-Site Scripting issue.
Productos afectados
Unknown · Calendar Event Multi View¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →