osv / Google / OSV:CVE-2021-32859
Feb 21, 2023 - 3:15 p.m.

CVE-2021-32859

2023-02-21 15:15:11
Google
osv.dev
baremetrics
date range picker
cross-site scripting

EPSS: 0.001 (Low), percentile 25.5%

The Baremetrics date range picker is a solution for selecting both date ranges and single dates from a single calendar view. Versions 1.0.14 and prior are prone to cross-site scripting (XSS) when handling untrusted placeholder entries. An attacker who is able to influence the field placeholder when creating a Calendar instance is able to supply arbitrary HTML or JavaScript that will be rendered in the context of a user, leading to XSS. There are no known patches for this issue.
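
One way to contain this while no patch exists, shown as an added example (not code from the Baremetrics project or from this advisory): escape and bound the placeholder before it reaches the widget. `renderField` is a hypothetical stand-in for markup built by string concatenation, and the sample input, fallback text and 64-character limit are assumptions made for illustration.

```javascript
// Added example. renderField() is a hypothetical stand-in for a widget that
// builds its markup by string concatenation; it is not the library's code.
function renderField(placeholder) {
  return '<div class="picker-placeholder">' + placeholder + '</div>';
}

const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;',
  '"': '&quot;', "'": '&#39;', '`': '&#96;',
};

// Encode every character that can open a tag, an entity or an attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"'`]/g, (ch) => HTML_ESCAPES[ch]);
}

// Treat the placeholder as display text only: trim it, bound its length
// (64 is an assumed limit), fall back to a fixed string, then escape.
function safePlaceholder(untrusted, fallback = 'Select a date') {
  const text = String(untrusted ?? '').trim();
  if (text.length === 0 || text.length > 64) return fallback;
  return escapeHtml(text);
}

// True when the rendered field contains any tag other than <div>
// (sufficient for this demonstration, not a general-purpose detector).
function hasInjectedMarkup(html) {
  return /<(?!\/?div[\s>])/i.test(html);
}

// Constructed sample input, e.g. a value read from a query string or a saved setting.
const untrusted = '<img src=x onerror="alert(1)">';

console.log(hasInjectedMarkup(renderField(untrusted)));                  // raw value
console.log(hasInjectedMarkup(renderField(safePlaceholder(untrusted)))); // escaped value
```

Escaping of this kind fits a value that ends up as HTML text or inside a quoted attribute. Code that already assigns the placeholder as plain text would show the encoded entities literally.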
