Lucene search
MitreCVE-2004-1506HistoryFeb 19, 2005 - 5:00 a.m.
CVE-2004-1506
2005-02-1905:00:00
mitre
web.nvd.nist.gov
24
webcalendar
xss
cve-2004-1506
vulnerability
remote attackers
web script
nvd
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
5.9
Confidence
High
EPSS
0.004
Percentile
72.0%
Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar allow remote attackers to inject arbitrary web script via (1) view_entry.php, (2) view_d.php, (3) usersel.php, (4) datesel.php, (5) trailer.php, or (6) styles.php, as demonstrated using img srg tags.
Affected configurations
Node
webcalendarwebcalendarMatch0.9.8
ORwebcalendarwebcalendarMatch0.9.11
ORwebcalendarwebcalendarMatch0.9.15
ORwebcalendarwebcalendarMatch0.9.16
ORwebcalendarwebcalendarMatch0.9.19
ORwebcalendarwebcalendarMatch0.9.20
ORwebcalendarwebcalendarMatch0.9.21
ORwebcalendarwebcalendarMatch0.9.22
ORwebcalendarwebcalendarMatch0.9.23
ORwebcalendarwebcalendarMatch0.9.24
ORwebcalendarwebcalendarMatch0.9.25
ORwebcalendarwebcalendarMatch0.9.26
ORwebcalendarwebcalendarMatch0.9.27
ORwebcalendarwebcalendarMatch0.9.28
ORwebcalendarwebcalendarMatch0.9.29
ORwebcalendarwebcalendarMatch0.9.30
ORwebcalendarwebcalendarMatch0.9.31
ORwebcalendarwebcalendarMatch0.9.32
ORwebcalendarwebcalendarMatch0.9.33
ORwebcalendarwebcalendarMatch0.9.34
ORwebcalendarwebcalendarMatch0.9.35
ORwebcalendarwebcalendarMatch0.9.36
ORwebcalendarwebcalendarMatch0.9.37
ORwebcalendarwebcalendarMatch0.9.38
ORwebcalendarwebcalendarMatch0.9.39
ORwebcalendarwebcalendarMatch0.9.40
ORwebcalendarwebcalendarMatch0.9.41
ORwebcalendarwebcalendarMatch0.9.42
ORwebcalendarwebcalendarMatch0.9.43
ORwebcalendarwebcalendarMatch0.9.44
| Vendor | Product | Version | CPE |
|---|---|---|---|
| webcalendar | webcalendar | 0.9.8 | cpe:2.3:a:webcalendar:webcalendar:0.9.8:*:*:*:*:*:*:* |
| webcalendar | webcalendar | 0.9.11 | cpe:2.3:a:webcalendar:webcalendar:0.9.11:*:*:*:*:*:*:* |
| webcalendar | webcalendar | 0.9.15 | cpe:2.3:a:webcalendar:webcalendar:0.9.15:*:*:*:*:*:*:* |
| webcalendar | webcalendar | 0.9.16 | cpe:2.3:a:webcalendar:webcalendar:0.9.16:*:*:*:*:*:*:* |
| webcalendar | webcalendar | 0.9.19 | cpe:2.3:a:webcalendar:webcalendar:0.9.19:*:*:*:*:*:*:* |
| webcalendar | webcalendar | 0.9.20 | cpe:2.3:a:webcalendar:webcalendar:0.9.20:*:*:*:*:*:*:* |
| webcalendar | webcalendar | 0.9.21 | cpe:2.3:a:webcalendar:webcalendar:0.9.21:*:*:*:*:*:*:* |
| webcalendar | webcalendar | 0.9.22 | cpe:2.3:a:webcalendar:webcalendar:0.9.22:*:*:*:*:*:*:* |
| webcalendar | webcalendar | 0.9.23 | cpe:2.3:a:webcalendar:webcalendar:0.9.23:*:*:*:*:*:*:* |
| webcalendar | webcalendar | 0.9.24 | cpe:2.3:a:webcalendar:webcalendar:0.9.24:*:*:*:*:*:*:* |
Related
nvd
nvd
CVE-2004-1506
2004-12-31 05:00:00
cvelist
cvelist
CVE-2004-1506
2005-02-19 05:00:00
openvas
openvas
WebCalendar SQL Injection
2005-11-03 00:00:00
WebCalendar SQL Injection (Nov 2005) - Active Check
2005-11-03 00:00:00
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
5.9
Confidence
High
EPSS
0.004
Percentile
72.0%
Related for CVE-2004-1506