CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
Confidence
High
EPSS
Percentile
72.0%
Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar allow remote attackers to inject arbitrary web script via (1) view_entry.php, (2) view_d.php, (3) usersel.php, (4) datesel.php, (5) trailer.php, or (6) styles.php, as demonstrated using img srg tags.
Vendor | Product | Version | CPE |
---|---|---|---|
webcalendar | webcalendar | 0.9.8 | cpe:2.3:a:webcalendar:webcalendar:0.9.8:*:*:*:*:*:*:* |
webcalendar | webcalendar | 0.9.11 | cpe:2.3:a:webcalendar:webcalendar:0.9.11:*:*:*:*:*:*:* |
webcalendar | webcalendar | 0.9.15 | cpe:2.3:a:webcalendar:webcalendar:0.9.15:*:*:*:*:*:*:* |
webcalendar | webcalendar | 0.9.16 | cpe:2.3:a:webcalendar:webcalendar:0.9.16:*:*:*:*:*:*:* |
webcalendar | webcalendar | 0.9.19 | cpe:2.3:a:webcalendar:webcalendar:0.9.19:*:*:*:*:*:*:* |
webcalendar | webcalendar | 0.9.20 | cpe:2.3:a:webcalendar:webcalendar:0.9.20:*:*:*:*:*:*:* |
webcalendar | webcalendar | 0.9.21 | cpe:2.3:a:webcalendar:webcalendar:0.9.21:*:*:*:*:*:*:* |
webcalendar | webcalendar | 0.9.22 | cpe:2.3:a:webcalendar:webcalendar:0.9.22:*:*:*:*:*:*:* |
webcalendar | webcalendar | 0.9.23 | cpe:2.3:a:webcalendar:webcalendar:0.9.23:*:*:*:*:*:*:* |
webcalendar | webcalendar | 0.9.24 | cpe:2.3:a:webcalendar:webcalendar:0.9.24:*:*:*:*:*:*:* |