CVE-2021-24498

CVE-2021-24498: Calendar Event Multi View < 1.4.01 - Unauthenticated Reflected Cross-Site Scripting (XSS)

Vendor Unknown

Product Calendar Event Multi View

Weakness CWE-79 · XSS

Published August 2, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Calendar Event Multi View WordPress plugin before 1.4.01 does not sanitise or escape the 'start' and 'end' GET parameters before outputting them in the page (via php/edit.php), leading to a reflected Cross-Site Scripting issue.

Key dates

02Disclosure timeline

August 2, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-24498

Related vulnerabilities

04Related CVE

CVE-2025-31433 WordPress Magic Embeds plugin <= 3.1.2 - Cross Site Scripting (XSS) Vulnerability CVE-2024-25097 WordPress TNC PDF viewer Plugin <= 2.8.0 is vulnerable to Cross Site Scripting (XSS) CVE-2024-36172 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) CVE-2023-4707 Infosoftbd Clcknshop all cross site scripting CVE-2023-2100 SourceCodester Vehicle Service Management System index.php cross site scripting