CVE-2019-18347
Published: Dec 4, 2019
Modified: Aug 5, 2024
PUBLISHED
Description
A stored XSS issue was discovered in DAViCal through 1.1.8. It does not adequately sanitize output of various fields that can be set by unprivileged users, making it possible for JavaScript stored in those fields to be executed by another (possibly privileged) user. Affected database fields include Username, Display Name, and Email.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Tags |
|---|---|
| https://www.davical.org/ | x_refsource_MISC |
| https://gitlab.com/davical-project/davical/blob/master/ChangeLog | x_refsource_MISC |
| 20191210 CVE-2019-18347 Persistent Cross-Site Scripting (XSS) vulnerability in DAViCal CalDAV Server | mailing-list, x_refsource_FULLDISC |
| 20191210 CVE-2019-18345 Reflected Cross-Site Scripting (XSS) vulnerability in DAViCal CalDAV Server | mailing-list, x_refsource_FULLDISC |
| 20191210 CVE-2019-18346 Cross-Site Request Forgery (CSRF) vulnerability in DAViCal CalDAV Server | mailing-list, x_refsource_FULLDISC |
| [debian-lts-announce] 20191214 [SECURITY] [DLA 2034-1] davical security update | mailing-list, x_refsource_MLIST |
| DSA-4582 | vendor-advisory, x_refsource_DEBIAN |
| 20191216 [SECURITY] [DSA 4582-1] davical security update | mailing-list, x_refsource_BUGTRAQ |