CVE-2010-0636

{"id": "CVE-2010-0636", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2010-02-12T22:30:00.580", "references": [{"url": "http://holisticinfosec.org/content/view/133/45/", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/38222", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://webcalendar.cvs.sourceforge.net/viewvc/webcalendar/webcalendar/ChangeLog?pathrev=REL_1_2", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/38053", "source": "cve@mitre.org"}, {"url": "http://holisticinfosec.org/content/view/133/45/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/38222", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://webcalendar.cvs.sourceforge.net/viewvc/webcalendar/webcalendar/ChangeLog?pathrev=REL_1_2", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/38053", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar 1.2.0, and other versions before 1.2.5, allow remote attackers to inject arbitrary web script or HTML via the (1) tab parameter to users.php and the PATH_INFO to (2) day.php, (3) month.php, and (4) week.php. NOTE: some of these details are obtained from third party information."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de tipo cross-site scripting (XSS) en WebCalendar versiones 1.2.0 y otras versiones anteriores a 1.2.5, permiten a los atacantes remotos inyectar script web o HTML arbitrario por medio de los par\u00e1metros (1) tab en el archivo users.php y PATH_INFO en los archivos (2) day.php, (3) month.php y (4) week.php. NOTA: algunos de estos detalles se obtienen de informaci\u00f3n de terceros."}], "lastModified": "2024-11-21T01:12:37.667", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:k5n:webcalendar:1.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E565A5E0-13BA-4D89-AC5E-EA5309E9ED81"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}