CVE Record

CVE-2021-27330: Triconsole Datepicker Calendar <3.77 is affected by cross-site scripting (XSS) in calendar_form.php.

Triconsole Datepicker Calendar <3.77 is affected by cross-site scripting (XSS) in calendar_form.php. Attackers can read authentication cookies that are still active, which can be used to perform further attacks such as reading browser history, directory listings, and file contents.

Severity: Unknown · CVSS: not scored · Not KEV-listed

Glexia's Take (moderate)

Analyst readout for executives and security teams

Plain-English summary

CVE-2021-27330 is a cross-site scripting issue in Triconsole Datepicker Calendar before 3.77. If the component is exposed, an attacker could run script in a user's browser and potentially access still-active authentication cookies, enabling follow-on abuse. The source bundle provides neither a CVSS score nor confirmation of active exploitation.

Executive priority

Treat this as a targeted legacy-web risk. Prioritize remediation if the component is internet-facing, used in authenticated workflows, or handles privileged sessions. Lower urgency if the component is absent or unreachable.

Technical view

The CVE describes XSS in calendar_form.php for Triconsole Datepicker Calendar versions earlier than 3.77. Public exploit references exist, including Exploit-DB and Packet Storm entries, but the bundle does not confirm exploitation in the wild, affected CPEs, CWE mapping, or vendor remediation details beyond the version boundary.

Likely exposure

Exposure is most likely where legacy Triconsole Datepicker Calendar code is deployed on public or authenticated web applications, especially if calendar_form.php is reachable and sessions use cookies that remain active after login.

Exploitation context

The bundle cites public exploit writeups, so defenders should assume the vulnerability is publicly known. The KEV flag is false and no cited source confirms active exploitation. No exploit mechanics are needed for defensive prioritization.

Researcher notes

Evidence is limited: the CVE names the vulnerable file and version range, and references public exploit disclosures. It does not include CVSS, CPEs, CWE, detailed vendor advisory text, or confirmed patch instructions in the supplied bundle.

Mitigation direction

  • Inventory applications using Triconsole Datepicker Calendar and identify versions before 3.77.
  • Check vendor guidance and update to a non-affected version if available.
  • Remove or disable unused Triconsole calendar code, especially calendar_form.php.
  • Restrict access to affected paths until remediation is confirmed.
  • Review session cookie protections to reduce XSS impact, without treating them as a fix.

Validation and detection

  • Confirm whether Triconsole Datepicker Calendar is present in web roots or application dependencies.
  • Verify the deployed component version and whether it is earlier than 3.77.
  • Check whether calendar_form.php is reachable from untrusted networks.
  • Review web logs and security telemetry for suspicious requests to the affected path.
  • Document findings without running public exploit code in production.
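One way to carry out the log-review step above is to scan access logs for requests to the affected path whose query values carry reflected-XSS markers. This is an added example, not code from the advisory or from the Triconsole project; the log lines are constructed, and the parameter names "date" and "view" are assumptions, since the record does not name the vulnerable parameters of calendar_form.php.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Constructed Apache combined-format access log lines (not real traffic). The
# parameter names "date" and "view" are assumptions; the CVE record does not
# name the vulnerable parameters of calendar_form.php.
SAMPLE_LOG = """\
203.0.113.10 - - [12/Mar/2021:10:02:11 +0000] "GET /calendar/calendar_form.php?date=2021-03-12 HTTP/1.1" 200 1834 "-" "Mozilla/5.0"
203.0.113.11 - - [12/Mar/2021:10:03:40 +0000] "GET /calendar/calendar_form.php?date=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 1902 "-" "curl/7.68.0"
203.0.113.12 - - [12/Mar/2021:10:04:02 +0000] "GET /index.php?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 404 210 "-" "Mozilla/5.0"
203.0.113.13 - - [12/Mar/2021:10:05:17 +0000] "GET /calendar/calendar_form.php?date=2021-03-13&view=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 200 1840 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# Generic reflected-XSS indicators; tune to your application's legitimate input.
XSS_MARKERS = re.compile(r'<\s*script|javascript:|\bon\w+\s*=|<\s*(img|svg|iframe)\b', re.I)
AFFECTED_PATH = "calendar_form.php"


def decode_fully(value, max_rounds=3):
    """Undo repeated percent-encoding (bounded) so double-encoded payloads become visible."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_suspicious_requests(log_text):
    """Return requests to the affected path whose query values carry XSS markers."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if not url.path.lower().endswith(AFFECTED_PATH):
            continue  # only the path named in the CVE is in scope here
        for name, raw in parse_qsl(url.query, keep_blank_values=True):
            value = decode_fully(raw)  # parse_qsl already decoded one layer
            if XSS_MARKERS.search(value):
                hits.append({"ip": m.group("ip"), "time": m.group("ts"),
                             "status": m.group("status"), "param": name, "value": value})
    return hits


if __name__ == "__main__":
    for hit in find_suspicious_requests(SAMPLE_LOG):
        print(f"{hit['time']} {hit['ip']} param={hit['param']} status={hit['status']} value={hit['value']!r}")
```

Requests to other paths are deliberately ignored so the output stays focused on the file the CVE names; a 200 status on a flagged request is worth a closer look, since it suggests the payload was served back rather than rejected.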

Confidence: medium. Sources: 6.

Based on public source material and reviewed before publication.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

Vulnerability profile (CVE Program record)

  • Severity: Unknown
  • CVSS: Not scored
  • Known Exploited: No

Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

  • 0 CVSS vectors
  • 0 Timeline events
  • 0 ADP providers
  • 5 Source links

CVSS and timeline data

No CVSS vectors or timeline events were available in the normalized CVE source material.

Source materials

Affected products

Products and packages named in the record

  Vendor   Product   Version / package   Status
  n/a      n/a       n/a                 Listed

Weakness

CWE details

No CWE listed
