CVE-2023-51504

MEDIUM

Dan's Embedder for Google Calendar <1.2 - XSS

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-51504. PoCs published by Sybelle03.

AI-analyzed exploit summary This repository provides a Dockerized environment to reproduce and scan for CVE-2023-51504, a SQL injection vulnerability in MotoCMS Version 3.4.3. It uses sqlmap to detect and exploit the vulnerability via the 'keyword' parameter in the search endpoint.

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dan Dulaney Dan's Embedder for Google Calendar allows Stored XSS.This issue affects Dan's Embedder for Google Calendar: from n/a through 1.2.

Exploits (1)

nomisec SCANNER
by Sybelle03 · poc
https://github.com/Sybelle03/CVE-2023-51504

This repository provides a Dockerized environment to reproduce and scan for CVE-2023-51504, a SQL injection vulnerability in MotoCMS Version 3.4.3. It uses sqlmap to detect and exploit the vulnerability via the 'keyword' parameter in the search endpoint.

Classification
Scanner 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: MotoCMS Version 3.4.3
No auth needed
Prerequisites: Docker environment · Internet access to target URL
mistral-large-3 · analyzed Feb 18, 2026 Full analysis →

Scores

CVSS v3 6.5
EPSS 0.0074
EPSS Percentile 50.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (2)
Dan Dulaney/Dan's Embedder for Google Calendar < 1.2
dandulaney/dan\'s_embedder_for_google_calendar < 1.3
Published Feb 05, 2024
Tracked Since Feb 18, 2026