CVE-2018-11628
MEDIUM
EMS Master Calendar < 8.0.0.201805210 - Cross-Site Scripting via URL Parameters
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2018-11628. PoCs published by Chris Barretto.
AI-analyzed exploit summary
This exploit demonstrates a reflected XSS vulnerability in EMS Master Calendar versions prior to 8.0.0.201805210. The PoC URL injects a script tag via the 'Name' parameter, which is not properly sanitized, leading to arbitrary JavaScript execution in the context of the user's browser.
Description
Data input into EMS Master Calendar before 8.0.0.201805210 via URL parameters is not properly sanitized, allowing malicious attackers to send a crafted URL for XSS.
Exploits (1)
References (4)
Scores
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N