MF Gig Calendar < 1.2 - Reflected Cross-Site Scripting (XSS)
CVE-2021-24510

6.1MEDIUM

Key Information:

Vendor: Wordpress
Status: Mf Gig Calendar
Vendor: CVE Published:; 13 September 2021

Summary

The MF Gig Calendar WordPress plugin before 1.2 does not sanitise and escape the id GET parameter before outputting back in the admin dashboard when editing an Event, leading to a reflected Cross-Site Scripting issue

Affected Version(s)

MF Gig Calendar 0 < 1.2

References

https://wpscan.com/vulnerability/715721b0-13a1-413a-864d-...

exploitvdb-entrytechnical-description

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Sep 13, 2021
Vulnerability Reserved
Jan 14, 2021

Credit

iohex

WPScan