PRIOn knowledge base: PRION:CVE-2021-32859
History: Feb 21, 2023 - 3:15 p.m.

Cross site scripting

2023-02-21 15:15:00
PRIOn knowledge base
www.prio-n.com
baremetrics
date range picker
cross-site scripting
xss
untrusted placeholder
html
javascript
user context

EPSS: 0.001 (Low), percentile 25.5%

The Baremetrics date range picker is a solution for selecting both date ranges and single dates from a single calendar view. Versions 1.0.14 and prior are prone to cross-site scripting (XSS) when handling untrusted placeholder entries. An attacker who is able to influence the field placeholder when creating a Calendar instance is able to supply arbitrary HTML or JavaScript that will be rendered in the context of a user, leading to XSS. There are no known patches for this issue.

CPE | Name | Operator | Version
 | date_range_picker | le | 1.0.14
