Lucene search
Ubuntu.comUB:CVE-2007-6696HistoryFeb 01, 2008 - 12:00 a.m.
CVE-2007-6696
2008-02-0100:00:00
ubuntu.com
ubuntu.com
8
CVSS2
2.1
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:S/C:N/I:P/A:N
EPSS
0.001
Percentile
50.1%
Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar 1.1.6
allow remote attackers to inject arbitrary web script or HTML via (1) an
event description, (2) the query string to pref.php, and (3) the adv
parameter to search.php. NOTE: vector 1 requires user authentication.
Bugs
Notes
| Author | Note |
|---|---|
| fujitsu | None of the three vulnerabilities are present in Debian’s 1.0.x. See the Debian bug for explanation. |
Related
nvd
nvd
CVE-2007-6696
2008-02-01 20:00:00
cve
cve
CVE-2007-6696
2008-02-01 20:00:00
exploitdb
exploitdb
WebCalendar 1.1.6 - 'search.php' Cross-Site Scripting
2008-01-25 00:00:00
WebCalendar 1.1.6 - 'pref.php' Cross-Site Scripting
2008-01-25 00:00:00
prion
prion
Cross site scripting
2008-02-01 20:00:00
cvelist
cvelist
CVE-2007-6696
2008-02-01 19:41:00
CVSS2
2.1
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:S/C:N/I:P/A:N
EPSS
0.001
Percentile
50.1%
Related for UB:CVE-2007-6696