CVE-2021-24147

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-24147
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-24147.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-24147
Published
2021-03-18T15:15:15Z
Modified
2025-01-14T08:59:54.243412Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
[none]
Details

The Modern Events Calendar Lite WordPress plugin, in versions before 5.16.5, did not sanitise the mic_comment field (Notes on time) when an event was added or edited, a combination of unvalidated input and missing output encoding. This allowed users with privileges as low as author to add events containing a Cross-Site Scripting payload, which is triggered in the frontend when the event is viewed.

Affected packages

Git / github.com/webnuswp/modern-events-calendar-lite

Affected ranges

Type
GIT
Repo
https://github.com/webnuswp/modern-events-calendar-lite
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

4.*

4.7.7
4.8.1
4.8.2
4.8.3
4.8.5

5.*

5.0.0
5.0.1
5.0.2
5.0.5
5.1.0
5.1.5
5.1.6
5.1.7
5.1.8
5.10.0
5.10.5
5.11.0
5.11.5
5.12.0
5.12.5
5.12.6
5.13.0
5.13.1
5.13.5
5.13.6
5.14.0
5.15.0
5.15.5
5.16.0
5.16.1
5.16.2
5.2.0
5.2.1
5.2.2
5.2.3
5.2.5
5.2.6
5.2.7
5.3.0
5.3.5
5.4.0
5.4.5
5.4.6
5.5.0
5.6.0
5.6.1
5.6.5
5.7.0
5.7.5
5.8.0
5.8.5
5.9.0
5.9.5

v4.*

v4.7.6
v4.9.0
v4.9.5