Vulnerability Details CVE-2018-11628
Data input into EMS Master Calendar before 8.0.0.201805210 via URL parameters is not properly sanitized, allowing malicious attackers to send a crafted URL for XSS.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.023
EPSS Ranking 84.0%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- http://www.securityfocus.com/bid/104428
- https://docs.emssoftware.com/Content/V44.1_ReleaseNotes.htm
- https://gist.github.com/barrett092/c70752ca6960b8b9616a03006f291a28
- https://www.exploit-db.com/exploits/44831/
- http://www.securityfocus.com/bid/104428
- https://docs.emssoftware.com/Content/V44.1_ReleaseNotes.htm
- https://gist.github.com/barrett092/c70752ca6960b8b9616a03006f291a28
- https://www.exploit-db.com/exploits/44831/
Products affected by CVE-2018-11628
-
cpe:2.3:a:emssoftware:ems_master_calendar:*