Lucene search

[email protected]CVE-2012-0846

HistoryOct 08, 2012 - 8:55 p.m.

CVE-2012-0846

2012-10-0820:55:01

CWE-79

[email protected]

web.nvd.nist.gov

cve-2012-0846

cross-site scripting

xss vulnerability

webcalendar 1.2.4

security vulnerability

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.5 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.6%

JSON

Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar 1.2.4 allows remote attackers to inject arbitrary web script or HTML via the Location variable.

Affected configurations

NVD

Node

k5nwebcalendarMatch1.2.4

CPENameOperatorVersion
k5n:webcalendark5n webcalendareq1.2.4

CPE	Name	Operator	Version
k5n:webcalendar	k5n webcalendar	eq	1.2.4

References

archives.neohapsis.com/archives/bugtraq/2012-01/0129.html

sourceforge.net/tracker/?func=detail&aid=3472745&group_id=3870&atid=103870

sourceforge.net/tracker/?func=detail&aid=3488543&group_id=3870&atid=303870

www.openwall.com/lists/oss-security/2012/02/11/2

www.openwall.com/lists/oss-security/2012/02/12/1

www.openwall.com/lists/oss-security/2012/02/12/3

www.openwall.com/lists/oss-security/2012/02/13/6

www.securityfocus.com/bid/51600

exchange.xforce.ibmcloud.com/vulnerabilities/72563

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.5 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.6%

JSON

Related for CVE-2012-0846

openvas6 fedora2 nessus3 nvd2 freebsd1 prion2 cvelist2 cve1