CVE-2013-1421

Webcalendar < 1.2.4 - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar before 1.2.5, 1.2.6, and other versions before 1.2.7 allows remote attackers to inject arbitrary web script or HTML via the Category Name field to category.php.

References (3)

[Third Party Advisory, VDB Entry] http://osvdb.org/90669

[Exploit] http://securitymaverick.com/vulnerability-cve-2013-1421-webcalendar-1-2-5-1-2-6-category-name-persistent-xss/

[Patch] http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.7/

Scores

EPSS 0.0025

EPSS Percentile 48.6%

Details

CWE

CWE-79

Status published

Products (17)

webcalendar_project/webcalendar < 1.2.4

webcalendar_project/webcalendar

... and 7 more

Published Apr 22, 2014

Tracked Since Feb 18, 2026