CVE-2013-6794

Olat 7.8.0.1 - Cross-Site Scripting via Calendar Location Field

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-6794. PoCs published by Vulnerability-Lab.

AI-analyzed exploit summary This is a detailed writeup describing a persistent XSS vulnerability in Olat CMS 7.8.0.1, where malicious script code can be injected via the event name parameter in the Calender module. The vulnerability allows for session hijacking, account theft, or phishing attacks.

Description

Cross-site scripting (XSS) vulnerability in the Calendar module in Olat 7.8.0.1 (b20130821 N1) allows remote attackers to inject arbitrary web script or HTML via the Location field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Vulnerability-Lab · textwebappsphp

https://www.exploit-db.com/exploits/29279

View Code ZIP pw:eip

This is a detailed writeup describing a persistent XSS vulnerability in Olat CMS 7.8.0.1, where malicious script code can be injected via the event name parameter in the Calender module. The vulnerability allows for session hijacking, account theft, or phishing attacks.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Olat CMS 7.8.0.1

Auth required

Prerequisites: Low-privileged user account · Access to the Calender module

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/55423

Scores

EPSS 0.0142

EPSS Percentile 69.4%

Details

CWE

CWE-79

Status published

Products (1)

olat/olat 7.8.0.1

Published Nov 14, 2013

Tracked Since Feb 18, 2026