CVE-2017-9072

EPSS 0.28%
Veröffentlicht 18.05.2017 17:29:00
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Two CalendarXP products have XSS in common parts of HTML files. CalendarXP FlatCalendarXP through 9.9.290 has XSS in iflateng.htm and nflateng.htm. CalendarXP PopCalendarXP through 9.8.308 has XSS in ipopeng.htm and npopeng.htm.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Calendarxp ≫ Flatcalendarxp Version <= 9.9.290

Calendarxp ≫ Popcalendarxp Version <= 9.8.308

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.28%	0.516

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.1	2.8	2.7	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

http://www.securityfocus.com/bid/102632

https://github.com/victorwon/calendarxp/issues/2

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2017-9072

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-9072

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-9072

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2017-9072