CVE-2024-1097 in webcalendarinformazioni

Riassunto

di MITRE • 15/11/2024

A stored cross-site scripting (XSS) vulnerability exists in craigk5n/webcalendar version 1.3.0. The vulnerability occurs in the 'Report Name' input field while creating a new report. An attacker can inject malicious scripts, which are then executed in the context of other users who view the report, potentially leading to the theft of user accounts and cookies.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Responsabile

@huntr Ai

Prenotare

31/01/2024

Divulgazione

15/11/2024

Moderazione

accettato

CPE

pronto

EPSS

0.00318

KEV

no

Attività

molto basso

Fonti

Want to stay up to date on a daily basis?

Enable the mail alert feature now!