CVE-2004-1506

Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar allow remote attackers to inject arbitrary web script via (1) view_entry.php, (2) view_d.php, (3) usersel.php, (4) datesel.php, (5) trailer.php, or (6) styles.php, as demonstrated using img srg tags.

Published: Dec 31, 2004
Updated: Apr 13, 2023
CVE: CVE-2004-1506
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
webcalendar / webcalendar	0.9.16	0.9.16.x
webcalendar / webcalendar	0.9.28	0.9.28.x
webcalendar / webcalendar	0.9.39	0.9.39.x
webcalendar / webcalendar	0.9.15	0.9.15.x
webcalendar / webcalendar	0.9.38	0.9.38.x
webcalendar / webcalendar	0.9.34	0.9.34.x
webcalendar / webcalendar	0.9.44	0.9.44.x
webcalendar / webcalendar	0.9.24	0.9.24.x
webcalendar / webcalendar	0.9.20	0.9.20.x
webcalendar / webcalendar	0.9.25	0.9.25.x
webcalendar / webcalendar	0.9.11	0.9.11.x
webcalendar / webcalendar	0.9.21	0.9.21.x
webcalendar / webcalendar	0.9.37	0.9.37.x
webcalendar / webcalendar	0.9.23	0.9.23.x
webcalendar / webcalendar	0.9.29	0.9.29.x
webcalendar / webcalendar	0.9.42	0.9.42.x
webcalendar / webcalendar	0.9.22	0.9.22.x
webcalendar / webcalendar	0.9.31	0.9.31.x
webcalendar / webcalendar	0.9.26	0.9.26.x
webcalendar / webcalendar	0.9.43	0.9.43.x
webcalendar / webcalendar	0.9.8	0.9.8.x
webcalendar / webcalendar	0.9.19	0.9.19.x
webcalendar / webcalendar	0.9.36	0.9.36.x
webcalendar / webcalendar	0.9.41	0.9.41.x
webcalendar / webcalendar	0.9.40	0.9.40.x
webcalendar / webcalendar	0.9.30	0.9.30.x
webcalendar / webcalendar	0.9.32	0.9.32.x
webcalendar / webcalendar	0.9.27	0.9.27.x
webcalendar / webcalendar	0.9.35	0.9.35.x
webcalendar / webcalendar	0.9.33	0.9.33.x

Vulnerability Database

290,020

CVE-2004-1506