CVE-2021-24687

CWE-79Cross-site Scripting (XSS)3 documents3 sources
Severity
4.8MEDIUM
EPSS
0.2%
top 57.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Unknown Modern Events Calendar LiteWebnus Modern Events Calendar Lite
Timeline
PublishedOct 4
Latest updateMay 24

Description

The Modern Events Calendar Lite WordPress plugin before 5.22.2 does not escape some of its settings before outputting them in attributes, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages2 packages

CVEListV5unknown/modern_events_calendar_lite5.22.25.22.2

🔴Vulnerability Details

2
GHSA
GHSA-vvvh-5w82-4q4g: The Modern Events Calendar Lite WordPress plugin before 52022-05-24
CVEList
Modern Events Calendar Lite < 5.22.2 - Admin+ Stored Cross-Site Scripting2021-10-04
CVE-2021-24687 (MEDIUM CVSS 4.8) | The Modern Events Calendar Lite Wor | cvebase.io