CVE-2021-24232

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

5.4MEDIUM

EPSS

0.3%

top 43.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Unknown Advanced Booking Calendar Elbtide Advanced Booking Calendar

Timeline

PublishedApr 22

Latest updateMay 24

Description

The Advanced Booking Calendar WordPress plugin before 1.6.8 does not sanitise the license error message when output in the settings page, leading to an authenticated reflected Cross-Site Scripting issue

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5unknown/advanced_booking_calendar1.6.8 — 1.6.8

▶NVDelbtide/advanced_booking_calendar< 1.6.8

🔴Vulnerability Details

GHSA

GHSA-mxq8-qjm4-g6gq: The Advanced Booking Calendar WordPress plugin before 1↗2022-05-24

▶

CVEList

Advanced Booking Calendar < 1.6.8 - Authenticated Reflected Cross-Site Scripting (XSS)↗2021-04-22

▶