CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:S/C:N/I:P/A:N
AI Score
Confidence
High
EPSS
Percentile
50.1%
Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar 1.1.6 allow remote attackers to inject arbitrary web script or HTML via (1) an event description, (2) the query string to pref.php, and (3) the adv parameter to search.php. NOTE: vector 1 requires user authentication.
Vendor | Product | Version | CPE |
---|---|---|---|
webcalendar | webcalendar | 1.1.6 | cpe:2.3:a:webcalendar:webcalendar:1.1.6:*:*:*:*:*:*:* |