Unknown · Triconsole Datepicker Calendar · CVE-2021-27330
**Name of the Vulnerable Software and Affected Versions**
Triconsole Datepicker Calendar versions prior to 3.77
**Description**
The issue affects the calendar form.php file, allowing attackers to perform cross-site scripting (XSS) attacks. This can lead to the reading of authentication cookies that are still active. As a result, attackers can perform further attacks, such as reading browser history, directory listings, and file contents.
**Recommendations**
For versions prior to 3.77, update to version 3.77 or later to resolve the issue. As a temporary workaround, consider restricting access to the calendar form.php file to minimize the risk of exploitation.