CVE-2021-27330

Name of the Vulnerable Software and Affected Versions Triconsole Datepicker Calendar versions prior to 3.77

Description The issue affects the calendar form.php file, allowing attackers to perform cross-site scripting (XSS) attacks. This can lead to the reading of authentication cookies that are still active. As a result, attackers can perform further attacks, such as reading browser history, directory listings, and file contents.

Recommendations For versions prior to 3.77, update to version 3.77 or later to resolve the issue. As a temporary workaround, consider restricting access to the calendar form.php file to minimize the risk of exploitation.