Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2013-1421

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2013-1421
Last Modified 23 Apr 2014 07:50:30
Published 22 Apr 2014 10:23:31
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2013-1421

Summary

Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar before 1.2.5, 1.2.6, and other versions before 1.2.7 allows remote attackers to inject arbitrary web script or HTML via the Category Name field to category.php.

Vulnerable Systems

Application

  • Craig Knudsen Webcalendar 1.0

  • Craig Knudsen Webcalendar 1.1.1

  • Craig Knudsen Webcalendar 1.1.2

  • Craig Knudsen Webcalendar 1.1.3

  • Craig Knudsen Webcalendar 1.1.4

  • Craig Knudsen Webcalendar 1.1.5

  • Craig Knudsen Webcalendar 1.1.6

  • Craig Knudsen Webcalendar 1.2

  • Craig Knudsen Webcalendar 1.2.0

  • Craig Knudsen Webcalendar 1.2.1

  • Craig Knudsen Webcalendar 1.2.2

  • Craig Knudsen Webcalendar 1.2.3

  • Craig Knudsen Webcalendar 1.2.4

  • Craig Knudsen Webcalendar 1.2.6


References

CONFIRM - http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.7/

MISC - http://securitymaverick.com/vulnerability-cve-2013-1421-webcalendar-1-2-5-1-2-6-category-name-persistent-xss/

OSVDB - 90669


Last Updated: 27 May 2016 11:05:03