Vulnerability Details CVE-2021-27330
Triconsole Datepicker Calendar <3.77 is affected by cross-site scripting (XSS) in calendar_form.php. Attackers can read authentication cookies that are still active, which can be used to perform further attacks such as reading browser history, directory listings, and file contents.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.224
EPSS Ranking 95.6%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- http://packetstormsecurity.com/files/161570/Triconsole-3.75-Cross-Site-Scripting.html
- http://www.triconsole.com/
- http://www.triconsole.com/php/calendar_datepicker.php
- https://www.exploit-db.com/exploits/49597
- http://packetstormsecurity.com/files/161570/Triconsole-3.75-Cross-Site-Scripting.html
- http://www.triconsole.com/
- http://www.triconsole.com/php/calendar_datepicker.php
- https://www.exploit-db.com/exploits/49597
Products affected by CVE-2021-27330
-
cpe:2.3:a:triconsole:datepicker_calendar:*