CVE-2009-3021

Cross-site scripting (XSS) vulnerability in Site Calendar 'mycaljp' plugin 2.0.0 through 2.0.6, as used in the Japanese extended package of Geeklog 1.5.0 through 1.5.2 and when distributed 20090629 or earlier, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: Aug 31, 2009
Updated: Apr 13, 2023
CVE: CVE-2009-3021
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
yoshinori_tahara / mycaljp	2.0.0	2.0.0.x
yoshinori_tahara / mycaljp	2.0.1	2.0.1.x
yoshinori_tahara / mycaljp	2.0.2	2.0.2.x
yoshinori_tahara / mycaljp	2.0.3	2.0.3.x
yoshinori_tahara / mycaljp	2.0.4	2.0.4.x
yoshinori_tahara / mycaljp	2.0.5	2.0.5.x
yoshinori_tahara / mycaljp	2.0.6	2.0.6.x
geeklog / geeklog	1.5.0	1.5.0.x
geeklog / geeklog	1.5.1	1.5.1.x
geeklog / geeklog	1.5.2	1.5.2.x

http://jvn.jp/en/jp/JVN20478978/index.html
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000055.html
http://secunia.com/advisories/36404
http://secunia.com/advisories/36413
http://www.geeklog.jp/article.php/20090820020302431

Vulnerability Database

290,301

CVE-2009-3021