Vulnerability Details CVE-2017-9072
Two CalendarXP products have XSS in common parts of HTML files. CalendarXP FlatCalendarXP through 9.9.290 has XSS in iflateng.htm and nflateng.htm. CalendarXP PopCalendarXP through 9.8.308 has XSS in ipopeng.htm and npopeng.htm.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 45.5%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
- http://www.securityfocus.com/bid/102632
- https://github.com/victorwon/calendarxp/issues/2
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
- http://www.securityfocus.com/bid/102632
- https://github.com/victorwon/calendarxp/issues/2
Products affected by CVE-2017-9072
-
cpe:2.3:a:calendarxp:flatcalendarxp:9.9.290
-
cpe:2.3:a:calendarxp:popcalendarxp:9.8.308