Triconsole Datepicker Calendar <3.77 is affected by cross-site scripting (XSS) in calendar_form.php. Attackers can read authentication cookies that are still active, which can be used to perform further attacks such as reading browser history, directory listings, and file contents.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/161570/Triconsole-3.75-Cross-Site-Scripting.html | Exploit Third Party Advisory |
http://www.triconsole.com/ | Product |
http://www.triconsole.com/php/calendar_datepicker.php | Product |
https://www.exploit-db.com/exploits/49597 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-02-25T15:11:58
Updated: 2021-02-26T17:06:18
Reserved: 2021-02-16T00:00:00
Link: CVE-2021-27330
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-02-25T16:15:12.260
Modified: 2021-03-03T15:51:39.590
Link: CVE-2021-27330
JSON object: View
Redhat Information
No data.
CWE