Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-5384

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2012-5384
Last Modified 22 Oct 2012 12:00:00
Published 11 Oct 2012 11:55:03
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-5384

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Craig Knudsen WebCalendar allow remote attackers to inject arbitrary web script or HTML via the (1) $name or (2) $description variables in edit_entry_handler.php, or (3) $url, (4) $tempfullname, or (5) $ext_users[] variables in view_entry.php, different vectors than CVE-2012-0846.

Vulnerable Systems

Application

  • Craig Knudsen Webcalendar -


References

CONFIRM - http://sourceforge.net/tracker/?func=detail&aid=3488543&group_id=3870&atid=303870

CONFIRM - http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.5/README.txt/download


Last Updated: 27 May 2016 11:00:58