CVE-2007-1111
5.9 Medium
AI Score
Confidence
High
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.046 Low
EPSS
Percentile
92.4%
Multiple cross-site scripting (XSS) vulnerabilities in ActiveCalendar 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the css parameter to (1) flatevents.php, (2) js.php, (3) mysqlevents.php, (4) m_2.php, (5) m_3.php, (6) m_4.php, (7) xmlevents.php, (8) y_2.php, or (9) y_3.php in data/.
| CPE | Name | Operator | Version |
|---|---|---|---|
| activecalendar:activecalendar | activecalendar | eq | 1.2.0 |
References
securityreason.com/securityalert/2299
www.osvdb.org/33145
www.osvdb.org/33146
www.osvdb.org/33147
www.osvdb.org/33148
www.osvdb.org/33149
www.osvdb.org/33150
www.osvdb.org/33151
www.osvdb.org/33152
www.osvdb.org/33153
www.securityfocus.com/archive/1/461146/100/0/threaded
www.securityfocus.com/archive/1/461313/100/0/threaded
www.securityfocus.com/bid/22705
www.vupen.com/english/advisories/2007/0759
exchange.xforce.ibmcloud.com/vulnerabilities/32690
5.9 Medium
AI Score
Confidence
High
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.046 Low
EPSS
Percentile
92.4%