Description
Multiple cross-site scripting (XSS) vulnerabilities in the Calendar module in Olat 7.8.0.1 (b20130821 N1) allow remote attackers to inject arbitrary web script or HTML via the (1) event name or (2) date field.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Vulnerability-Lab · textwebappsphp
https://www.exploit-db.com/exploits/29279
References (5)
Core 5
Core References
Exploit exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/29279
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/99075
Exploit x_refsource_misc
http://packetstormsecurity.com/files/123825/Olat-CMS-7.8.0.1-Cross-Site-Scripting.html
Exploit mailing-list
x_refsource_bugtraq
http://seclists.org/bugtraq/2013/Oct/154
Exploit x_refsource_misc
http://www.vulnerability-lab.com/get_content.php?id=1125
Scores
EPSS
0.0827
EPSS Percentile
92.3%
Details
CWE
CWE-79
Status
published
Products (1)
olat/olat
7.8.0.1
Published
Nov 14, 2013
Tracked Since
Feb 18, 2026