Description
Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar allow remote attackers to inject arbitrary web script via (1) view_entry.php, (2) view_d.php, (3) usersel.php, (4) datesel.php, (5) trailer.php, or (6) styles.php, as demonstrated using img src tags.
Product(s):
- WebCalendar 0.9.11
- WebCalendar 0.9.15
- WebCalendar 0.9.16
- WebCalendar 0.9.19
- WebCalendar 0.9.20
- WebCalendar 0.9.21
- WebCalendar 0.9.22
- WebCalendar 0.9.23
- WebCalendar 0.9.24
- WebCalendar 0.9.25
- WebCalendar 0.9.26
- WebCalendar 0.9.27
- WebCalendar 0.9.28
- WebCalendar 0.9.29
- WebCalendar 0.9.30
- WebCalendar 0.9.31
- WebCalendar 0.9.32
- WebCalendar 0.9.33
- WebCalendar 0.9.34
- WebCalendar 0.9.35
- WebCalendar 0.9.36
- WebCalendar 0.9.37
- WebCalendar 0.9.38
- WebCalendar 0.9.39
- WebCalendar 0.9.40
- WebCalendar 0.9.41
- WebCalendar 0.9.42
- WebCalendar 0.9.43
- WebCalendar 0.9.44
- WebCalendar 0.9.8
Questions to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2004-1506, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2004-1506 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.