CVE-2021-24498
published 2021-08-02


Priority: P2 78, medium
CVSS 3.1: 6.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
Exploited in the wild (VulnCheck KEV)
EPSS: 3.06% (86.0th percentile)
The Calendar Event Multi View WordPress plugin before 1.4.01 does not sanitise or escape the 'start' and 'end' GET parameters before outputting them in the page (via php/edit.php), leading to a reflected Cross-Site Scripting issue.

Affected (1 range)

Vendor     | Product                   | Version range | Fixed in
dwbooster  | calendar_event_multi_view | < 1.4.01      | 1.4.01

Detection & IOCs (extracted from sources)

Path: /php/edit.php
sigma
detection:
  selection:
    c-uri|contains: '/php/edit.php'
    cs-uri-query|contains|all:
      - 'start'
      - 'end'
  condition: selection
yara
rule CVE_2021_24498_Calendar_Event_Multi_View_XSS {
  meta:
    description = "Detects exploitation of CVE-2021-24498 reflected XSS in Calendar Event Multi View plugin"
    cve = "CVE-2021-24498"
  strings:
    $path = "/php/edit.php" ascii
    $param1 = "start" ascii
    $param2 = "end" ascii
    $xss = "<script" ascii nocase
  condition:
    $path and ($param1 or $param2) and $xss
}
  • Monitor HTTP GET requests to '/php/edit.php' containing 'start' and/or 'end' query parameters with script injection payloads (e.g., <script>, javascript:, onerror=), indicative of reflected XSS exploitation attempts against Calendar Event Multi View plugin.
  • Look for HTTP responses with Content-Type 'text/html' and status 200 from requests to the vulnerable endpoint, as the unsanitised parameters are reflected directly into the HTML page output.
  • The vulnerability affects Calendar Event Multi View WordPress plugin versions before 1.4.01 only. Ensure version fingerprinting is used to reduce false positives when deploying detections.
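The three detection points above (vulnerable path, 'start'/'end' parameters, script-like payload, and whether the server actually served the page) can be applied directly to web server access logs. The following is an added example, not code from the page or from the plugin author: it parses constructed combined-format access-log lines, percent-decodes the query string so encoded payloads are inspected in clear form, and reports which parameter carried the payload. The plugin directory name in the sample lines is assumed; the match is on the '/php/edit.php' suffix, as in the Sigma fragment.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.10 - - [02/Aug/2021:10:00:00 +0000] "GET /wp-content/plugins/calendar-event-multi-view/php/edit.php?start=%3Cscript%3Ealert(1)%3C/script%3E&end=2021-08-02 HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
198.51.100.7 - - [02/Aug/2021:10:00:05 +0000] "GET /wp-content/plugins/calendar-event-multi-view/php/edit.php?start=2021-08-01&end=2021-08-31 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
192.0.2.5 - - [02/Aug/2021:10:00:09 +0000] "GET /index.php?s=%3Cscript%3E HTTP/1.1" 200 512 "-" "curl/7.68.0"
203.0.113.10 - - [02/Aug/2021:10:00:12 +0000] "GET /wp-content/plugins/calendar-event-multi-view/php/edit.php?end=javascript:alert(1) HTTP/1.1" 404 0 "-" "Mozilla/5.0"
"""

# One combined-format access-log line; only the fields the detection needs are captured.
LOG_LINE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) \S+" (?P<status>\d{3}) \S+'
)

# Payload markers named in the detection guidance (case-insensitive).
PAYLOAD = re.compile(r"<script|javascript:|onerror\s*=", re.IGNORECASE)

VULN_PATH = "/php/edit.php"        # path from the advisory
WATCHED_PARAMS = ("start", "end")  # unsanitised GET parameters from the advisory


def flag_request(line):
    """Return a finding dict for a suspicious GET to the vulnerable path, else None."""
    m = LOG_LINE.match(line)
    if not m or m.group("method") != "GET":
        return None
    parts = urlsplit(m.group("target"))
    if VULN_PATH not in parts.path:
        return None
    # parse_qs percent-decodes values, so %3Cscript%3E is inspected as <script>.
    params = parse_qs(parts.query, keep_blank_values=True)
    hits = {}
    for name in WATCHED_PARAMS:
        for value in params.get(name, []):
            if PAYLOAD.search(value):
                hits[name] = value
    if not hits:
        return None
    return {
        "client": m.group("client"),
        "timestamp": m.group("ts"),
        "params": hits,
        # 200 means the page was served, i.e. the payload was most likely reflected;
        # any other status is an attempt that did not reach the vulnerable output.
        "reflected": m.group("status") == "200",
    }


def scan_log(text):
    """Run flag_request over every line and return the non-empty findings."""
    return [f for f in (flag_request(l) for l in text.splitlines()) if f]


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

Version fingerprinting, as the last bullet recommends, is a separate step: a hit here only says that a payload was sent to the endpoint, so pair the finding with the installed plugin version before raising severity.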

CVSS provenance

nvd v3.1: 6.1 MEDIUM (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
nvd v2.0: 4.3 MEDIUM (AV:N/AC:M/Au:N/C:N/I:P/A:N)
vulncheck: 6.1 MEDIUM