Lucene search

K

PRIOn knowledge basePRION:CVE-2019-18347

HistoryDec 04, 2019 - 6:15 p.m.

Cross site scripting

2019-12-0418:15:00

PRIOn knowledge base

www.prio-n.com

4

5.3 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.9%

A stored XSS issue was discovered in DAViCal through 1.1.8. It does not adequately sanitize output of various fields that can be set by unprivileged users, making it possible for JavaScript stored in those fields to be executed by another (possibly privileged) user. Affected database fields include Username, Display Name, and Email.

CPENameOperatorVersion
davicalle1.1.8

References

packetstormsecurity.com/files/155628/DAViCal-CalDAV-Server-1.1.8-Persistent-Cross-Site-Scripting.html

seclists.org/fulldisclosure/2019/Dec/17

seclists.org/fulldisclosure/2019/Dec/18

seclists.org/fulldisclosure/2019/Dec/19

gitlab.com/davical-project/davical/blob/master/ChangeLog

hackdefense.com/publications/cve-2019-18347-davical-caldav-server-vulnerability/

lists.debian.org/debian-lts-announce/2019/12/msg00016.html

seclists.org/bugtraq/2019/Dec/30

www.davical.org/

www.debian.org/security/2019/dsa-4582

5.3 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.9%

Related for PRION:CVE-2019-18347

ubuntucve1 osv3 nvd1 debiancve1 cve1 cvelist1 packetstorm3 openvas2 debian2 nessus2