Limited Black Friday Offer:

MF Gig Calendar <= 1.1 - Reflected Cross-Site Scripting (XSS) CVE-2021-24510 Scanner

Remote attacker can perform a reflected cross site scripting attack (XSS) by injecting malicious payload.

Short Info

Level

Medium

Type

Single Scan

Can be used by

Asset Owner

Estimated Time

10 sec

Scan only one

Domain, Ipv4

Parent Category

MF Gig Calendar <= 1.1 - Reflected Cross-Site Scripting (XSS) CVE-2021-24510 Scanner Detail

The MF Gig Calendar WordPress plugin through 1.1 does not sanitise or escape the id GET parameter before outputting back in the admin dashboard when editing an Event, leading to a reflected Cross-Site Scripting issue

https://wpscan.com/vulnerability/715721b0-13a1-413a-864d-2380f38ecd39