CVE-2012-0846

WebCalendar 1.2.4 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar 1.2.4 allows remote attackers to inject arbitrary web script or HTML via the Location variable.

References (9)

[Exploit] http://archives.neohapsis.com/archives/bugtraq/2012-01/0129.html

[Product] http://sourceforge.net/tracker/?func=detail&aid=3472745&group_id=3870&atid=103870

[Product] http://sourceforge.net/tracker/?func=detail&aid=3488543&group_id=3870&atid=303870

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/72563

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/51600

[Mailing List] http://www.openwall.com/lists/oss-security/2012/02/11/2

[Mailing List] http://www.openwall.com/lists/oss-security/2012/02/12/1

[Mailing List] http://www.openwall.com/lists/oss-security/2012/02/12/3

[Mailing List] http://www.openwall.com/lists/oss-security/2012/02/13/6

Scores

EPSS 0.0064

EPSS Percentile 70.4%

Classification

CWE

CWE-79

Status published

Affected Products (2)

k5n/webcalendar

n/a/n/a

Timeline

Published Oct 08, 2012

Tracked Since Feb 18, 2026