CVE-2009-1218

Published Apr 1, 2009

Last updated 6 years ago

Overview

Description: Multiple cross-site scripting (XSS) vulnerabilities in Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun Java System Calendar Server 6 2004Q2 through 6.3-7.01 allow remote attackers to inject arbitrary web script or HTML via (1) the fmt-out parameter to login.wcap or (2) the date parameter to command.shtml.
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:sun:java_system_calendar_server:6:-:sparc:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1C2387AF-026B-423B-A396-55034DC984A4"
          },
          {
            "criteria": "cpe:2.3:a:sun:java_system_calendar_server:6.3:-:sparc:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E54204FF-DAA2-4D25-91CA-78DC271C35BD"
          },
          {
            "criteria": "cpe:2.3:a:sun:one_calendar_server:6.0:-:sparc:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E04C0F4E-6825-4EED-994F-4FACCABD4670"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:sun:java_system_calendar_server:6:-:x86:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "65EA6495-81BA-4124-82AB-C81AB94E2F9A"
          },
          {
            "criteria": "cpe:2.3:a:sun:java_system_calendar_server:6.3:-:x86:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "382FDFCA-95D8-4A57-8114-B7B3C939DD73"
          },
          {
            "criteria": "cpe:2.3:a:sun:one_calendar_server:6.0:-:x86:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DF8C61E6-7EF3-4069-8335-1D11B86B31D2"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:sun:java_system_calendar_server:6:-:linux:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4E60435B-947E-4579-B4D5-3BB3A858D8C2"
          },
          {
            "criteria": "cpe:2.3:a:sun:java_system_calendar_server:6.3:-:linux:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D377C48F-4513-467B-8514-5F7F27071A41"
          },
          {
            "criteria": "cpe:2.3:a:sun:one_calendar_server:6.0:-:linux:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1B17A5EA-6081-4229-B792-5EE18458BB9A"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References