4 matches found
[SECURITY] [DLA 2034-1] davical security update
Package : davical Version : 1.1.3.1-1+deb8u1 CVE ID : CVE-2019-18345 CVE-2019-18346 CVE-2019-18347 Debian Bug : 946343 Multiple cross-site scripting and cross-site request forgery issues were discovered in the DAViCal CalDAV Server. For Debian 8 "Jessie", these problems have been fixed in version...
[SECURITY] [DSA 4582-1] davical security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4582-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 13, 2019 https://www.debian.org/security/faq -...
CVE-2019-18347
A stored XSS issue was discovered in DAViCal through 1.1.8. It does not adequately sanitize output of various fields that can be set by unprivileged users, making it possible for JavaScript stored in those fields to be executed by another possibly privileged user. Affected database fields include...
CVE-2019-18347
DAViCal CalDAV Server (up to version 1.1.8) is affected by CVE-2019-18347 due to insufficient sanitization of unprivileged-set output fields (Username, Display Name, Email), enabling stored XSS that can execute JavaScript for another user. The issue is documented across multiple advisories; Debia...