CVE-2021-27330

MEDIUM NUCLEI

Triconsole Datepicker Calendar <3.77 - XSS


Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-27330. PoCs published by Akash Chathoth. A Nuclei detection template is also available.

AI-analyzed exploit summary: This is a functional proof-of-concept for a reflected XSS vulnerability in Triconsole 3.75. The exploit demonstrates how an attacker can inject arbitrary JavaScript code via the URL path, which is then reflected in the response.

Description

Triconsole Datepicker Calendar <3.77 is affected by cross-site scripting (XSS) in calendar_form.php. Attackers can read authentication cookies that are still active, which can be used to perform further attacks such as reading browser history, directory listings, and file contents.

Exploits (1)

exploitdb WORKING POC
by Akash Chathoth · text · webapps · php
https://www.exploit-db.com/exploits/49597

Classification: Working PoC 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Triconsole < 3.76
No auth needed
Prerequisites: Access to the vulnerable endpoint /calendar_form.php
MITRE ATT&CK
devstral-2 · analyzed Feb 18, 2026

Nuclei Templates (1)

Triconsole Datepicker Calendar <3.77 - Cross-Site Scripting
MEDIUM · VERIFIED · by pikpikcu, daffainfo
Shodan: http.title:triconsole.com - php calendar date picker
FOFA: title=triconsole.com - php calendar date picker

References (4)

Core References
Product x_refsource_misc
http://www.triconsole.com/
Exploit, Third Party Advisory x_refsource_misc
https://www.exploit-db.com/exploits/49597

Scores

CVSS v3 6.1
EPSS 0.0620
EPSS Percentile 92.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE: CWE-79
Status published
Products (1)
triconsole/datepicker_calendar < 3.77
Published Feb 25, 2021
Tracked Since Feb 18, 2026