Davical ≫ Davical

3 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.

9.3

CVE-2019-18345

Exploit

EPSS 1.09%
Published 12.12.2019 14:15:16
Last modified 21.11.2024 04:33:05

A reflected XSS issue was discovered in DAViCal through 1.1.8. It echoes the action parameter without encoding. If a user visits an attacker-supplied link, the attacker can view all data the attacked user can view, as well as perform all actions in t...

8.8

CVE-2019-18346

Exploit

EPSS 1.11%
Published 04.12.2019 18:15:16
Last modified 21.11.2024 04:33:06

A CSRF issue was discovered in DAViCal through 1.1.8. If an authenticated user visits an attacker-controlled webpage, the attacker can send arbitrary requests in the name of the user to the application. If the attacked user is an administrator, the a...

5.4

CVE-2019-18347

Exploit

EPSS 0.75%
Published 04.12.2019 18:15:16
Last modified 21.11.2024 04:33:06

A stored XSS issue was discovered in DAViCal through 1.1.8. It does not adequately sanitize output of various fields that can be set by unprivileged users, making it possible for JavaScript stored in those fields to be executed by another (possibly p...