Описание
Multiple cross-site scripting (XSS) vulnerabilities in Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun Java System Calendar Server 6 2004Q2 through 6.3-7.01 allow remote attackers to inject arbitrary web script or HTML via (1) the fmt-out parameter to login.wcap or (2) the date parameter to command.shtml.
Ссылки
- PatchVendor Advisory
- Exploit
- PatchVendor Advisory
- Exploit
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:sun:java_system_calendar_server:6:-:sparc:*:*:*:*:*
cpe:2.3:a:sun:java_system_calendar_server:6.3:-:sparc:*:*:*:*:*
cpe:2.3:a:sun:one_calendar_server:6.0:-:sparc:*:*:*:*:*
Конфигурация 2
Одно из
cpe:2.3:a:sun:java_system_calendar_server:6:-:x86:*:*:*:*:*
cpe:2.3:a:sun:java_system_calendar_server:6.3:-:x86:*:*:*:*:*
cpe:2.3:a:sun:one_calendar_server:6.0:-:x86:*:*:*:*:*
Конфигурация 3
Одно из
cpe:2.3:a:sun:java_system_calendar_server:6:-:linux:*:*:*:*:*
cpe:2.3:a:sun:java_system_calendar_server:6.3:-:linux:*:*:*:*:*
cpe:2.3:a:sun:one_calendar_server:6.0:-:linux:*:*:*:*:*
EPSS
Процентиль: 84%
0.02134
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-79
Связанные уязвимости
github
почти 4 года назад
Multiple cross-site scripting (XSS) vulnerabilities in Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun Java System Calendar Server 6 2004Q2 through 6.3-7.01 allow remote attackers to inject arbitrary web script or HTML via (1) the fmt-out parameter to login.wcap or (2) the date parameter to command.shtml.
EPSS
Процентиль: 84%
0.02134
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-79