Vulnerability Details : CVE-2004-1506
Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar allow remote attackers to inject arbitrary web script via (1) view_entry.php, (2) view_d.php, (3) usersel.php, (4) datesel.php, (5) trailer.php, or (6) styles.php, as demonstrated using img srg tags.
Vulnerability category: Cross site scripting (XSS)
Products affected by CVE-2004-1506
- cpe:2.3:a:webcalendar:webcalendar:0.9.11:*:*:*:*:*:*:*
- cpe:2.3:a:webcalendar:webcalendar:0.9.23:*:*:*:*:*:*:*
- cpe:2.3:a:webcalendar:webcalendar:0.9.25:*:*:*:*:*:*:*
- cpe:2.3:a:webcalendar:webcalendar:0.9.15:*:*:*:*:*:*:*
- cpe:2.3:a:webcalendar:webcalendar:0.9.16:*:*:*:*:*:*:*
- cpe:2.3:a:webcalendar:webcalendar:0.9.19:*:*:*:*:*:*:*
- cpe:2.3:a:webcalendar:webcalendar:0.9.20:*:*:*:*:*:*:*
- cpe:2.3:a:webcalendar:webcalendar:0.9.21:*:*:*:*:*:*:*
- cpe:2.3:a:webcalendar:webcalendar:0.9.22:*:*:*:*:*:*:*
- cpe:2.3:a:webcalendar:webcalendar:0.9.24:*:*:*:*:*:*:*
- cpe:2.3:a:webcalendar:webcalendar:0.9.26:*:*:*:*:*:*:*
- cpe:2.3:a:webcalendar:webcalendar:0.9.8:*:*:*:*:*:*:*
- cpe:2.3:a:webcalendar:webcalendar:0.9.31:*:*:*:*:*:*:*
- cpe:2.3:a:webcalendar:webcalendar:0.9.32:*:*:*:*:*:*:*
- cpe:2.3:a:webcalendar:webcalendar:0.9.34:*:*:*:*:*:*:*
- cpe:2.3:a:webcalendar:webcalendar:0.9.33:*:*:*:*:*:*:*
- cpe:2.3:a:webcalendar:webcalendar:0.9.27:*:*:*:*:*:*:*
- cpe:2.3:a:webcalendar:webcalendar:0.9.28:*:*:*:*:*:*:*
- cpe:2.3:a:webcalendar:webcalendar:0.9.36:*:*:*:*:*:*:*
- cpe:2.3:a:webcalendar:webcalendar:0.9.37:*:*:*:*:*:*:*
- cpe:2.3:a:webcalendar:webcalendar:0.9.44:*:*:*:*:*:*:*
- cpe:2.3:a:webcalendar:webcalendar:0.9.29:*:*:*:*:*:*:*
- cpe:2.3:a:webcalendar:webcalendar:0.9.30:*:*:*:*:*:*:*
- cpe:2.3:a:webcalendar:webcalendar:0.9.38:*:*:*:*:*:*:*
- cpe:2.3:a:webcalendar:webcalendar:0.9.39:*:*:*:*:*:*:*
- cpe:2.3:a:webcalendar:webcalendar:0.9.40:*:*:*:*:*:*:*
- cpe:2.3:a:webcalendar:webcalendar:0.9.41:*:*:*:*:*:*:*
- cpe:2.3:a:webcalendar:webcalendar:0.9.35:*:*:*:*:*:*:*
- cpe:2.3:a:webcalendar:webcalendar:0.9.42:*:*:*:*:*:*:*
- cpe:2.3:a:webcalendar:webcalendar:0.9.43:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2004-1506
0.35%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 69 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2004-1506
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
8.6
|
2.9
|
NIST |
References for CVE-2004-1506
Jump to