Vulnerability Details CVE-2004-1506
Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar allow remote attackers to inject arbitrary web script via (1) view_entry.php, (2) view_d.php, (3) usersel.php, (4) datesel.php, (5) trailer.php, or (6) styles.php, as demonstrated using img srg tags.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 60.2%
CVSS Severity
CVSS v2 Score 4.3
References
- http://marc.info/?l=bugtraq&m=110011618724455&w=2
- http://secunia.com/advisories/13164
- http://www.securityfocus.com/bid/11651
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18026
- http://marc.info/?l=bugtraq&m=110011618724455&w=2
- http://secunia.com/advisories/13164
- http://www.securityfocus.com/bid/11651
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18026
Products affected by CVE-2004-1506
-
cpe:2.3:a:webcalendar:webcalendar:0.9.11
-
cpe:2.3:a:webcalendar:webcalendar:0.9.15
-
cpe:2.3:a:webcalendar:webcalendar:0.9.16
-
cpe:2.3:a:webcalendar:webcalendar:0.9.19
-
cpe:2.3:a:webcalendar:webcalendar:0.9.20
-
cpe:2.3:a:webcalendar:webcalendar:0.9.21
-
cpe:2.3:a:webcalendar:webcalendar:0.9.22
-
cpe:2.3:a:webcalendar:webcalendar:0.9.23
-
cpe:2.3:a:webcalendar:webcalendar:0.9.24
-
cpe:2.3:a:webcalendar:webcalendar:0.9.25
-
cpe:2.3:a:webcalendar:webcalendar:0.9.26
-
cpe:2.3:a:webcalendar:webcalendar:0.9.27
-
cpe:2.3:a:webcalendar:webcalendar:0.9.28
-
cpe:2.3:a:webcalendar:webcalendar:0.9.29
-
cpe:2.3:a:webcalendar:webcalendar:0.9.30
-
cpe:2.3:a:webcalendar:webcalendar:0.9.31
-
cpe:2.3:a:webcalendar:webcalendar:0.9.32
-
cpe:2.3:a:webcalendar:webcalendar:0.9.33
-
cpe:2.3:a:webcalendar:webcalendar:0.9.34
-
cpe:2.3:a:webcalendar:webcalendar:0.9.35
-
cpe:2.3:a:webcalendar:webcalendar:0.9.36
-
cpe:2.3:a:webcalendar:webcalendar:0.9.37
-
cpe:2.3:a:webcalendar:webcalendar:0.9.38
-
cpe:2.3:a:webcalendar:webcalendar:0.9.39
-
cpe:2.3:a:webcalendar:webcalendar:0.9.40
-
cpe:2.3:a:webcalendar:webcalendar:0.9.41
-
cpe:2.3:a:webcalendar:webcalendar:0.9.42
-
cpe:2.3:a:webcalendar:webcalendar:0.9.43
-
cpe:2.3:a:webcalendar:webcalendar:0.9.44
-
cpe:2.3:a:webcalendar:webcalendar:0.9.8