CVE-2021-27330

MEDIUM NUCLEI

Triconsole Datepicker Calendar <3.77 - XSS

Title source: llm

Description

Triconsole Datepicker Calendar <3.77 is affected by cross-site scripting (XSS) in calendar_form.php. Attackers can read authentication cookies that are still active, which can be used to perform further attacks such as reading browser history, directory listings, and file contents.

Exploits (1)

exploitdb WORKING POC

by Akash Chathoth · textwebappsphp

https://www.exploit-db.com/exploits/49597

View Code ZIP pw:eip

Nuclei Templates (1)

Triconsole Datepicker Calendar <3.77 - Cross-Site Scripting

MEDIUMVERIFIEDby pikpikcu,daffainfo

Shodan: http.title:triconsole.com - php calendar date picker

FOFA: title=triconsole.com - php calendar date picker

References (4)

[Exploit, Third Party Advisory] http://packetstormsecurity.com/files/161570/Triconsole-3.75-Cross-Site-Scripting.html

[Product] http://www.triconsole.com/

[Product] http://www.triconsole.com/php/calendar_datepicker.php

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/49597

Scores

CVSS v3 6.1

EPSS 0.2238

EPSS Percentile 95.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

triconsole/datepicker_calendar < 3.77

Published Feb 25, 2021

Tracked Since Feb 18, 2026