6.1
CVE-2021-24510
- EPSS 2.31%
- Veröffentlicht 13.09.2021 18:15:15
- Zuletzt bearbeitet 21.11.2024 05:53:12
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginMF Gig Calendar < 1.2 - Reflected Cross-Site Scripting (XSS)
MF Gig Calendar <= 1.1 - Reflected Cross-Site Scripting
The MF Gig Calendar WordPress plugin before 1.2 does not sanitise and escape the id GET parameter before outputting back in the admin dashboard when editing an Event, leading to a reflected Cross-Site Scripting issue
Mögliche Gegenmaßnahme
MF Gig Calendar: Update to version 1.2, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Mf Gig Calendar Project ≫ Mf Gig Calendar SwEditionwordpress Version <= 1.1
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
MF Gig Calendar
Version
*-1.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.31% | 0.811 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.1 | 2.8 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
https://wpscan.com/vulnerability/715721b0-13a1-413a-864d-2380f38ecd39
https://www.wordfence.com/threat-intel/vulnerabilities/id/dba7f15a-29f8-4c7b-b506-7e82c563c6a9