XSS in K5n Webcalendar
CVE-2012-0846
Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar 1.2.4 allows remote attackers to inject arbitrary web script or HTML via the Location variable.
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.017 (74.2th percentile) — read the EPSS interpretation.
Affected products
- K5n Webcalendar — versions 1.2.4
- N/a — versions n/a
Weakness classification (CWE)
References
- secalert@redhat.com (mailing-list, x_refsource_MLIST)
- secalert@redhat.com (vdb-entry, x_refsource_XF)
- secalert@redhat.com (mailing-list, x_refsource_MLIST)
- secalert@redhat.com (mailing-list, x_refsource_MLIST)
- secalert@redhat.com (mailing-list, x_refsource_MLIST)
- secalert@redhat.com (mailing-list, Exploit, x_refsource_BUGTRAQ)
- secalert@redhat.com (x_refsource_CONFIRM)
- secalert@redhat.com (vdb-entry, x_refsource_BID)
- secalert@redhat.com (x_refsource_CONFIRM)