.. / CVE-2021-27330

Exploit for Triconsole Datepicker Calendar <3.77 - Cross-Site Scripting (CVE-2021-27330)

Description:

Triconsole Datepicker Calendar before 3.77 contains a cross-site scripting vulnerability in calendar_form.php. Attackers can read authentication cookies that are still active, which can be used to perform further attacks such as reading browser history, directory listings, and file contents.

Nuclei Template

View the template here CVE-2021-27330.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2021/CVE-2021-27330.yaml

References:

https://github.com/ARPSyndicate/cvemon
http://www.triconsole.com/php/calendar_datepicker.php
http://www.triconsole.com/
https://nvd.nist.gov/vuln/detail/CVE-2021-27330
https://www.exploit-db.com/exploits/49597

.. / CVE-2021-27330 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for Triconsole Datepicker Calendar <3.77 - Cross-Site Scripting (CVE-2021-27330)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2021-27330