Описание
A reflected XSS issue was discovered in DAViCal through 1.1.8. It echoes the action parameter without encoding. If a user visits an attacker-supplied link, the attacker can view all data the attacked user can view, as well as perform all actions in the name of the user. If the user is an administrator, the attacker can for example add a new admin user to gain full access to the application.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needed |
| devel | not-affected | 1.1.9.2-1 |
| disco | ignored | end of life |
| eoan | ignored | end of life |
| esm-apps/bionic | needed | |
| esm-apps/focal | not-affected | 1.1.9.2-1 |
| esm-apps/jammy | not-affected | 1.1.9.2-1 |
| esm-apps/noble | not-affected | 1.1.9.2-1 |
| esm-apps/xenial | needed | |
| esm-infra-legacy/trusty | DNE |
Показывать по
EPSS
4.3 Medium
CVSS2
9.3 Critical
CVSS3
Связанные уязвимости
A reflected XSS issue was discovered in DAViCal through 1.1.8. It echoes the action parameter without encoding. If a user visits an attacker-supplied link, the attacker can view all data the attacked user can view, as well as perform all actions in the name of the user. If the user is an administrator, the attacker can for example add a new admin user to gain full access to the application.
A reflected XSS issue was discovered in DAViCal through 1.1.8. It echo ...
A reflected XSS issue was discovered in DAViCal through 1.1.8. It echoes the action parameter without encoding. If a user visits an attacker-supplied link, the attacker can view all data the attacked user can view, as well as perform all actions in the name of the user. If the user is an administrator, the attacker can for example add a new admin user to gain full access to the application.
Уязвимость сервера обмена календарями DAViCal, связанная с недостатками используемых мер по защите структур веб-страницы, позволяющая нарушителю оказать воздействие на целостность данных
EPSS
4.3 Medium
CVSS2
9.3 Critical
CVSS3