CVEs-PoC/2021/CVE-2021-24510.md

### [CVE-2021-24510](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24510)
![](https://img.shields.io/static/v1?label=Product&message=MF%20Gig%20Calendar&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.2%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)

### Description

The MF Gig Calendar WordPress plugin before 1.2 does not sanitise and escape the id GET parameter before outputting back in the admin dashboard when editing an Event, leading to a reflected Cross-Site Scripting issue

### POC

#### Reference
- https://wpscan.com/vulnerability/715721b0-13a1-413a-864d-2380f38ecd39

#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ARPSyndicate/kenzer-templates