Risk: Medium

CVSSv3: 5.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2021–27330

CWE-ID: CWE-79 — Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)

Vulnerable software version: Datepicker Calendar < 3.76

Exploit DB: https://www.exploit-db.com/exploits/49597

Google Dork: inurl:/calendar/calendar_form.php

Mitigation: Install updates from the vendor’s website.


Triconsole Datepicker Calendar is an open-source calendar component…

SMTP stands for Simple Mail Transfer Protocol is a TCP/IP protocol for sending E-mail messages between servers.SMTP usually is implemented to operate over Internet port 25. Nmap (Network Mapper) is the most popular port scanner which is designed to probe a server or host for open ports.

The following are the open ports that I identified on Open-xchange’s Sandbox domain sandbox.open-xchange.com (

Port Scanning Via Nmap

The SMTP user enumeration can be performed automatically via Metasploit, smtp_enum module will connect to a given mail server and use a wordlist to enumerate users that are present on the remote system.

Akash c

Self-learner |Bug Hunter|

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store