Sun Java System Calendar Server多个模块跨站脚本漏洞

BUGTRAQ ID: 34152,34153 CVECAN ID: CVE-2009-1218 Sun Java System Calendar Server是Sun Java System通信套件中的日程服务器组件。 Calendar Server中的login.wcap组件没有正确地验证用户所提交的fmt-out参数，command.shtml组件没有正确地验证date参数。远程攻击者可以通过向服务器提交恶意请求执行跨站脚本攻击，导致在用户浏览器会话中执行任意代码。 Sun Java System Calendar Server 6.3 Sun Java System Calend...

CVE-2009-1218

CVE-2009-1218 describes multiple XSS vulnerabilities in Sun Calendar Server components (login.wcap fmt-out and command.shtml date) affecting Sun Calendar Express Web Server, Sun ONE Calendar Server 6.0 and Sun Java System Calendar Server 6.0–6.3-7.01. The issue arises from improper input sanitiza...

CVE-2009-1218

creationtimestamp| type| source ---|---|--- 2009-03-31 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/32862...

Solaris 9 (sparc) : 121657-54

Calendar Server SunOS 5.9 5.10: Core patch. Date this patch was last updated by Sun : Aug/14/13 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc'; include'compat.inc'; if...

Solaris 9 (x86) : 121658-54

Calendar Server SunOS 5.9x86 5.10x86: Core patch. Date this patch was last updated by Sun : Aug/14/13 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc'; include'compat.inc'; ...