CVE-2021-27330
Published 2021-02-25
Priority: P343, medium
CVSS 3.1: 6.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
EXPLOIT
EPSS: 6.20% (92.6th percentile)
Triconsole Datepicker Calendar <3.77 is affected by cross-site scripting (XSS) in calendar_form.php. Attackers can read authentication cookies that are still active, which can be used to perform further attacks such as reading browser history, directory listings, and file contents.
Affected
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| triconsole | datepicker_calendar | < 3.77 | 3.77 |
CVSS provenance
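| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |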
No detection rules found.
Nuclei
Triconsole Datepicker Calendar <3.77 - Cross-Site Scripting
nuclei·CVSS 6.1
CVE-2021-27330 [MEDIUM] Triconsole Datepicker Calendar <3.77 - Cross-Site Scripting
Triconsole Datepicker Calendar alert(document.domain)'
```yaml
matchers-condition: and
matchers:
  - type: word
    part: body
    words:
      - 'alert(document.domain)'
      - 'TriConsole.com - PHP Calendar Date Picker'
    condition: and

  - type: word
    part: header
    words:
      - "text/html"

  - type: status
    status:
      - 200
# digest: 490a0046304402206af1e2577726c430cec038dbdb32444a9353ab341930d7ec71a9f0e326bbc9cf02207c1cdb926084f2b083005af6194815d1f9b528b64322f0cb0b85b3f2fc713bdd:922c64590222798bb761d5b6d8e72950
```
No writeups or analysis indexed.
References
http://packetstormsecurity.com/files/161570/Triconsole-3.75-Cross-Site-Scripting.html
http://www.triconsole.com/
http://www.triconsole.com/php/calendar_datepicker.php
https://www.exploit-db.com/exploits/49597