CVE-2013-6793

Olat 7.8.0.1 - Cross-Site Scripting via Calendar Event Name or Date Field

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-6793. PoCs published by Vulnerability-Lab.

AI-analyzed exploit summary This is a detailed writeup describing a persistent XSS vulnerability in Olat CMS 7.8.0.1, where malicious script code can be injected via the event name parameter in the Calender module. The vulnerability allows for session hijacking, account theft, or phishing attacks.

Description

Multiple cross-site scripting (XSS) vulnerabilities in the Calendar module in Olat 7.8.0.1 (b20130821 N1) allow remote attackers to inject arbitrary web script or HTML via the (1) event name or (2) date field.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Vulnerability-Lab · textwebappsphp
https://www.exploit-db.com/exploits/29279

This is a detailed writeup describing a persistent XSS vulnerability in Olat CMS 7.8.0.1, where malicious script code can be injected via the event name parameter in the Calender module. The vulnerability allows for session hijacking, account theft, or phishing attacks.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Olat CMS 7.8.0.1
Auth required
Prerequisites: Low-privileged user account · Access to the Calender module
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/29279
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/99075
Exploit mailing-list x_refsource_bugtraq
http://seclists.org/bugtraq/2013/Oct/154

Scores

EPSS 0.0322
EPSS Percentile 86.5%

Details

CWE
CWE-79
Status published
Products (1)
olat/olat 7.8.0.1
Published Nov 14, 2013
Tracked Since Feb 18, 2026