CVE-2024-1097

Published Nov 15, 2024

Last updated 2 days ago

Overview

Description
A stored cross-site scripting (XSS) vulnerability exists in craigk5n/webcalendar version 1.3.0. The vulnerability occurs in the 'Report Name' input field while creating a new report. An attacker can inject malicious scripts, which are then executed in the context of other users who view the report, potentially leading to the theft of user accounts and cookies.
Source: security@huntr.dev
NVD status: Undergoing Analysis

Risk scores

CVSS 3.0

Type: Secondary
Base score: 7.6
Impact score: 4.7
Exploitability score: 2.8
Vector string: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
Severity: HIGH

Weaknesses

security@huntr.dev: CWE-79

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score: 1