CVE-2021-27330 Scanner
Detects 'Cross-Site Scripting (XSS)' vulnerability in Triconsole Datepicker Calendar affects v. before 3.77.
Short Info
Level
Medium
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
15 seconds
Time Interval
29 days
Scan only one
URL
Toolbox
-
The Triconsole Datepicker Calendar is a popular tool used for date selection in applications. It is commonly integrated into websites, making it easy and intuitive for users to select dates. The primary purpose of the Triconsole Datepicker Calendar is to provide an enhanced user experience by simplifying the process of selecting dates and improving the accuracy of date selection. It is widely used in various industries, including travel, hospitality, and e-commerce.
The CVE-2021-27330 vulnerability was detected in the Triconsole Datepicker Calendar version 3.77. This vulnerability allows attackers to inject malicious code into the application through cross-site scripting (XSS) in calendar_form.php. Attackers can then read authentication cookies that are still active, potentially allowing them to perform further attacks such as reading browser history, directory listings, and file contents.
When exploited, this vulnerability can lead to serious consequences. Attackers can gain unauthorized access to sensitive information, including personally identifiable information (PII) and financial data. This can result in identity theft, fraud and other malicious actions. Additionally, attackers can use this information to gain access to further systems and applications, increasing the risk and potential damage of the attack.
Thanks to the pro features of the s4e.io platform, those who read this article can easily and quickly learn about vulnerabilities in their digital assets. By utilizing advanced security scanning technology, s4e.io delivers real-time, actionable intelligence on potential threats to digital assets. This includes regular updates on vulnerabilities such as the CVE-2021-27330, ensuring that users are always up-to-date on the latest security threats. With s4e.io, users can rest assured that their digital assets are protected and secure, minimizing the risk of potential attacks.
REFERENCES
