Lucene search

[email protected]CVE-2012-5384

HistoryOct 11, 2012 - 3:55 p.m.

CVE-2012-5384

2012-10-1115:55:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2012-5384

cross-site scripting

xss

webcalendar

craig knudsen

remote attackers

arbitrary web script

html

5.5 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

45.7%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Craig Knudsen WebCalendar allow remote attackers to inject arbitrary web script or HTML via the (1) $name or (2) $description variables in edit_entry_handler.php, or (3) $url, (4) $tempfullname, or (5) $ext_users[] variables in view_entry.php, different vectors than CVE-2012-0846.

CPENameOperatorVersion
webcalendar_project:webcalendarwebcalendar project webcalendareq-

CPE	Name	Operator	Version
webcalendar_project:webcalendar	webcalendar project webcalendar	eq	-

References

sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.5/README.txt/download

sourceforge.net/tracker/?func=detail&aid=3488543&group_id=3870&atid=303870

5.5 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

45.7%

JSON

Related for CVE-2012-5384

cvelist2 prion2 openvas6 nessus3 fedora2 cve1 freebsd1