CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:S/C:N/I:P/A:N
EPSS
Percentile
50.1%
Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar 1.1.6
allow remote attackers to inject arbitrary web script or HTML via (1) an
event description, (2) the query string to pref.php, and (3) the adv
parameter to search.php. NOTE: vector 1 requires user authentication.
Author | Note |
---|---|
fujitsu | None of the three vulnerabilities are present in Debian’s 1.0.x. See the Debian bug for explanation. |