CVE-2017-9072

MEDIUM

CalendarXP <9.9.290, <9.8.308 - XSS

Title source: llm

Description

Two CalendarXP products have XSS in common parts of HTML files. CalendarXP FlatCalendarXP through 9.9.290 has XSS in iflateng.htm and nflateng.htm. CalendarXP PopCalendarXP through 9.8.308 has XSS in ipopeng.htm and npopeng.htm.

References (3)

[Vendor Advisory] http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/102632

[Third Party Advisory] https://github.com/victorwon/calendarxp/issues/2

Scores

CVSS v3 6.1

EPSS 0.0023

EPSS Percentile 45.2%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (3)

calendarxp/flatcalendarxp < 9.9.290

calendarxp/popcalendarxp < 9.8.308

n/a/n/a

Published May 18, 2017

Tracked Since Feb 18, 2026